Tag

#solarwinds

2 posts tagged #solarwinds.

Analysis · Jun 8, 2026 · Colten Anderson

A crash got a federal patch deadline. Here's why that's the right call

CVE-2026-28318 is a 7.5 denial-of-service bug in SolarWinds Serv-U, the kind that usually waits. CISA listed it on KEV two days after the fix shipped. The prioritization logic behind that is the story.
Analysis · May 20, 2026 · Colten Anderson

SolarWinds Serv-U: a state actor's zero-day in yet another file-transfer product

CVE-2021-35211 was a zero-day RCE in SolarWinds Serv-U, exploited by a China-nexus actor weeks after the SUNBURST headlines faded. It's another managed-file-transfer product turned into a foothold, the category attackers keep returning to.