CISA Adds One Known Exploited Vulnerability to Catalog
Summary
CISA has added a new vulnerability, CVE-2026-28318, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. This vulnerability in SolarWinds Serv-U poses significant risks and is a common attack vector for malicious actors.
IFF Assessment
The addition of a known exploited vulnerability to CISA's catalog indicates an active threat that defenders must address.
Severity
CISA KEV: Listed as actively exploited. Federal patch due: June 19, 2026. Known ransomware use: Unknown.
Defender Context
Defenders need to be aware of newly added vulnerabilities to CISA's KEV catalog, as these are actively exploited and pose an immediate threat. Prioritizing the remediation of these identified vulnerabilities is crucial for reducing the attack surface and protecting against active threats.