CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers

CISA warns that a newly patched high-severity SolarWinds Serv-U vulnerability (CVE-2026-28318) is being actively exploited to crash Serv-U servers via specially crafted POST requests using Content-Encoding:deflate; SolarWinds released Serv-U 15.5.4 Hotfix 1, CISA added the flaw to its Known Exploited Vulnerabilities catalog, and federal agencies were ordered to patch immediately while defenders are urged to block or limit access until mitigations are deployed.