Zero-Day in SolarWinds Serv-U Managed File Transfer...

Zero-Day in SolarWinds Serv-U Managed File Transfer Exploited in the Wild (CVE-2021-35211)

Last week, SolarWinds published a security advisory for a vulnerability in its Serv-U Managed File Transfer Server software. The vulnerability, identified as CVE-2021-35211, is a remote memory escape vulnerability. It was discovered by researchers at Microsoft’s Threat Intelligence Center, who found that it had been exploited in the wild in a “limited, targeted” set of attacks.

Microsoft published a blog post, which shed light on its discovery, including attributing it to an unnamed group they call DEV-0322.

For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.

Cyber Exposure Alerts

Vulnerability Watch

Forum Discussion

Zero-Day in SolarWinds Serv-U Managed File Transfer...

Recent Discussions

Oracle January 2026 Critical Patch Update Addresses 158 CVEs

CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Vulnerability

Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)

CVE-2025-14847 (MongoBleed): MongoDB Memory Leak Vulnerability Exploited in the Wild

CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited

Americas

Europe

Asia / Australia