CISA has added CVE-2026-28318, a high-severity denial-of-service flaw in SolarWinds Serv-U, to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. SolarWinds has released a fix in version 15.5.4 HF1 and recommends limiting access and blocking requests containing "content-encoding", while FCEB agencies must remediate by June 19, 2026. #SolarWinds #Serv-U #CVE-2026-28318 #CISA
Key points
- CISA added CVE-2026-28318 to its KEV catalog.
- The flaw affects SolarWinds Serv-U file server software.
- Specially crafted POST requests can crash the service without authentication.
- SolarWinds fixed the issue in version 15.5.4 HF1.
- FCEB agencies must remediate the vulnerability by June 19, 2026.
Read More: https://thehackernews.com/2026/06/cisa-adds-actively-exploited-solarwinds.html