CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog

ID: 6cc04b81-9711-5e34-a268-38641a1d14d4

STIX ID: report--6cc04b81-9711-5e34-a268-38641a1d14d4

Feed Name: The Hacker News

Threat Score: 65/100

Date Published: 2026-06-06

Date Updated: 2026-06-06

Author: The Hacker News

CISA added a high-severity denial-of-service vulnerability in SolarWinds Serv-U (CVE-2026-28318, CVSS 7.5) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Specially crafted unauthenticated POST requests using `Content-Encoding: deflate` can crash the Serv-U service. SolarWinds released a fix in Serv-U 15.5.4 HF1. Mitigations include restricting access and blocking requests that contain Content-Encoding. CISA directed federal agencies to remediate by June 19, 2026.
