CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog

CISA added CVE-2026-28318, a critical DoS vulnerability in SolarWinds Serv-U, to its Known Exploited Vulnerabilities catalog.

• •The CVSS 7.5 flaw is caused by specially crafted POST requests with Content-Encoding: deflate
• •Service crashes without requiring authentication
• •Fixed in version 15.5.4 HF1; mitigate by blocking content-encoding requests
• •CISA ordered Federal agencies to patch by June 19, 2026

This summary was automatically generated by AI based on the original article and may not be fully accurate.