
SolarWinds Serv-U Unauthenticated Denial of Service Added to CISA KEV (CVE-2026-28318)

Scope: SolarWinds Serv-U (All Versions Prior to 15.5.4 HF1)

Severity: High

CISA added CVE-2026-28318 to its Known Exploited Vulnerabilities (KEV) catalog on June 5, 2026, after confirming active exploitation. The flaw is an uncontrolled resource consumption weakness in SolarWinds Serv-U: an unauthenticated remote attacker can crash the Serv-U service by sending specially crafted POST requests that carry a Content-Encoding: deflate header. No credentials, prior access, or user interaction are required.

Repeated exploitation keeps the service offline, disrupting all FTP, SFTP, and HTTP/S file transfers. In practice this can mean missed backups, data synchronization failures, and interruptions to any business process that depends on Serv-U for automated file exchange.

Remediation: upgrade to Serv-U version 15.5.4 HF1 immediately. Where patching cannot be done at once, SolarWinds specifically recommends blocking all POST requests that contain a "content-encoding" header (the Serv-U service has no legitimate requirement for this functionality) and restricting access to trusted IP addresses only. Because it is the Serv-U process itself that crashes, this blocking has to happen on a reverse proxy, WAF, or firewall in front of the service, not in Serv-U. Federal Civilian Executive Branch (FCEB) agencies must remediate by June 19, 2026 under BOD 22-01.
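The interim mitigation described above, as an added example that is not SolarWinds' or CERT.UG's own code: a request filter of the kind one would run on a reverse proxy or WAF in front of Serv-U's HTTP/S listener. It drops any POST that carries a Content-Encoding header (matching on the header's presence, with case-insensitive name comparison, since HTTP header names are case-insensitive and a rule that matches only the literal value "deflate" would be trivially bypassed) and rejects clients outside a trusted allowlist. The allowlist networks, host name, paths, and sample requests are constructed for illustration and are not taken from the advisory or from any captured traffic.

```python
"""Interim request filter for a Serv-U HTTP/S listener (added example).

Assumptions not stated in the advisory: the filter runs on a reverse proxy
or WAF in front of Serv-U, and TRUSTED_NETWORKS is a constructed allowlist.
"""
import ipaddress
from typing import Dict, Optional, Tuple

# Constructed allowlist for the example; replace with the networks that
# legitimately talk to the Serv-U HTTP/S interface.
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "203.0.113.0/24")]


def parse_request_head(raw: bytes) -> Tuple[str, str, Dict[str, str]]:
    """Parse the request line and headers of an HTTP/1.x request head.

    Header names are lower-cased so Content-Encoding, content-encoding and
    cONTENT-eNCODING all match; a repeated header keeps its first value.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line: %r" % lines[0])
    method, path, _version = parts
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if not line or ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), value.strip())
    return method.upper(), path, headers


def filter_request(method: str, headers: Dict[str, str], client_ip: str,
                   trusted=TRUSTED_NETWORKS) -> Optional[str]:
    """Return None if the request may be forwarded to Serv-U, otherwise a
    short reason explaining why it was dropped."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return "invalid client address"
    if not any(addr in net for net in trusted):
        return "source not in trusted allowlist"
    # SolarWinds' interim guidance: Serv-U has no legitimate use for
    # Content-Encoding on POST, so the header's presence (any value) is
    # enough to drop the request. The vendor scopes this to POST only.
    if method == "POST" and "content-encoding" in headers:
        return "POST with Content-Encoding header"
    return None


# Constructed sample requests (client IP, raw request head). The first one
# has only the shape the advisory describes: a POST with Content-Encoding:
# deflate. No real exploit payload is known from the advisory or used here.
SAMPLES = {
    "exploit_shape": ("203.0.113.7",
                      b"POST /api/upload HTTP/1.1\r\nHost: files.example.com\r\n"
                      b"Content-Encoding: deflate\r\nContent-Length: 4\r\n\r\nxxxx"),
    "odd_casing": ("203.0.113.7",
                   b"POST /api/upload HTTP/1.1\r\nHost: files.example.com\r\n"
                   b"cONTENT-eNCODING: gzip\r\n\r\n"),
    "normal_post": ("10.20.1.5",
                    b"POST /api/upload HTTP/1.1\r\nHost: files.example.com\r\n"
                    b"Content-Length: 4\r\n\r\nxxxx"),
    "untrusted": ("198.51.100.9",
                  b"GET / HTTP/1.1\r\nHost: files.example.com\r\n\r\n"),
    "get_with_header": ("10.20.1.5",
                        b"GET / HTTP/1.1\r\nHost: files.example.com\r\n"
                        b"Content-Encoding: deflate\r\n\r\n"),
}


def evaluate_samples() -> Dict[str, Optional[str]]:
    """Run every sample through the filter; None means 'forward to Serv-U'."""
    results: Dict[str, Optional[str]] = {}
    for name, (ip, raw) in SAMPLES.items():
        method, _path, headers = parse_request_head(raw)
        results[name] = filter_request(method, headers, ip)
    return results


if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print("%-16s -> %s" % (name, "forward" if verdict is None else "DROP: " + verdict))
```

Two design points worth noting. The filter follows the vendor wording and scopes the header check to POST, so a GET carrying Content-Encoding is still forwarded; if nothing in your environment sends request bodies with Content-Encoding at all, widening the check to every method costs nothing. And the filter is a stopgap, not a fix: it does nothing for the FTP and SFTP listeners if the crash can be reached another way, and the only complete remediation is the upgrade to 15.5.4 HF1.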

The Uganda National CERT and Coordination Center (CERT.UG/CC) encourages users and administrators to review the recommendations and apply the necessary updates.