Dateline: June 6, 2026
What This Means for Federal Agencies vs. Private Companies
The U.S. Cybersecurity and Infrastructure Security Agency has flagged another SolarWinds security flaw as an active threat. CISA added a high-severity vulnerability in SolarWinds Serv-U file server software to its Known Exploited Vulnerabilities catalog after detecting ongoing attacks.
What Happened?
The vulnerability, tracked as CVE-2024-28995, affects SolarWinds Serv-U multi-protocol file server software and carries a CVSS score of 8.6 out of 10. CISA discovered evidence that attackers are actively targeting this flaw in the wild, prompting its addition to the KEV catalog.
SolarWinds Serv-U is widely used enterprise software that allows organizations to transfer files securely across multiple protocols including FTP, FTPS, SFTP, and HTTP/HTTPS. The software serves millions of users across government agencies, Fortune 500 companies, and smaller businesses worldwide.
The timing puts additional scrutiny on SolarWinds, which faced massive fallout from the 2020 supply chain attack that compromised thousands of organizations. That incident led to congressional hearings and new federal cybersecurity requirements.
CISA typically adds vulnerabilities to the KEV catalog only when it has concrete evidence of active exploitation. The agency requires federal agencies to patch KEV-listed flaws within specific timeframes, usually 14 to 21 days.
The Impact
Federal agencies now face a mandatory deadline to patch their SolarWinds Serv-U installations or remove the software entirely. CISA’s KEV designation carries legal weight for government organizations under the Biden administration’s cybersecurity directives.
Private sector organizations should treat this as an urgent security priority. While not legally required to follow KEV timelines, companies using Serv-U face the same attack vectors that prompted CISA’s warning. File transfer software represents a particularly attractive target because it often handles sensitive data and maintains network access.
The vulnerability adds to mounting concerns about SolarWinds products following the company’s history of security incidents. Organizations may need to reassess their risk tolerance for SolarWinds software or implement additional monitoring and controls.
How to Avoid This
Organizations running SolarWinds Serv-U should immediately check their version numbers and apply available security patches. SolarWinds released fixes for the vulnerability, and administrators should prioritize this update over routine maintenance.
- If immediate patching isn’t possible, consider temporarily disabling Serv-U services or restricting network access until updates can be applied.
- Network monitoring tools should watch for unusual file transfer activity or unauthorized access attempts.
- Longer term, organizations might evaluate alternative file transfer solutions or implement additional security layers around SolarWinds products. This includes network segmentation, enhanced logging, and regular security audits of file transfer infrastructure.
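To turn the KEV listing into a worklist, an asset inventory can be matched against the catalog and sorted by remediation deadline. The sketch below is an added example, not code from CISA or SolarWinds; it assumes the field names of CISA's public KEV JSON feed, and the inventory, host names, dates and second catalog entry are constructed for illustration.

```python
import json
from datetime import date

# Constructed sample in the shape of the KEV JSON feed (top-level
# "vulnerabilities" array). Only the CVE ID and product name come from the
# article; the dates and the second (placeholder) entry are made up.
SAMPLE_KEV = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2024-28995", "vendorProject": "SolarWinds",
   "product": "Serv-U", "dateAdded": "2026-06-05", "dueDate": "2026-06-26"},
  {"cveID": "CVE-0000-00001", "vendorProject": "ExampleVendor",
   "product": "ExampleApp", "dateAdded": "2026-05-01", "dueDate": "2026-05-15"}
]}
""")

# Hypothetical asset inventory: (host, vendor, product) as an organization
# might record them, with inconsistent casing and product naming.
INVENTORY = [
    ("ftp-gw-01", "SolarWinds", "Serv-U File Server"),
    ("ftp-gw-02", "solarwinds", "serv-u"),
    ("web-01", "OtherVendor", "OtherServer"),
]


def _norm(text):
    """Lower-case and collapse whitespace so naming variants compare equal."""
    return " ".join(text.lower().split())


def kev_findings(kev, inventory, today):
    """Return inventory items that match a KEV entry, most urgent first."""
    findings = []
    for entry in kev.get("vulnerabilities", []):
        vendor = _norm(entry["vendorProject"])
        product = _norm(entry["product"])
        due = date.fromisoformat(entry["dueDate"])
        for host, inv_vendor, inv_product in inventory:
            name = _norm(inv_product)
            # Vendor must match exactly; the product matches on a whole-word
            # prefix, so "Serv-U File Server" matches the KEV product "Serv-U".
            if _norm(inv_vendor) != vendor:
                continue
            if name == product or name.startswith(product + " "):
                days_left = (due - today).days
                findings.append({"host": host, "cve": entry["cveID"],
                                 "due": due, "days_left": days_left,
                                 "overdue": days_left < 0})
    findings.sort(key=lambda f: f["days_left"])
    return findings


if __name__ == "__main__":
    for f in kev_findings(SAMPLE_KEV, INVENTORY, date(2026, 6, 6)):
        print(f["host"], f["cve"], f["due"], f["days_left"], f["overdue"])
```

In practice the catalog would be loaded from a locally saved copy of the feed, and product matching would need tuning to the naming used in the organization's own inventory.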