CISA Alerts on Actively Exploited SolarWinds Serv-U Denial-of-Service Flaw

SolarWinds Serv-U (CVE-2026-28318) contains an uncontrolled resource consumption flaw (CWE-400) allowing unauthenticated remote actors to trigger a DoS via crafted POST requests with the Content-Encoding:deflate header; CISA added the CVE to its KEV catalog due to observed active exploitation, federal agencies are required to remediate under BOD 22-01, and SolarWinds has released a 15.5.4 Hotfix 1 patch with mitigations recommended.