Executive Summary
CISA added CVE-2026-28318 to the Known Exploited Vulnerabilities catalog on 2026-06-05, warning of active exploitation in the wild [cisa.gov opens in a new tab]. The vulnerability affects SolarWinds Serv-U managed file transfer software. It is an uncontrolled resource consumption flaw (CWE-400) that allows a remote, unauthenticated attacker to cause a Denial of Service (DoS) condition by crashing the Serv-U service [cisa.gov opens in a new tab] [solarwinds.com opens in a new tab].
The crash is triggered by sending a specially crafted HTTP POST request that includes the header Content-Encoding: deflate [solarwinds.com opens in a new tab] [bleepingcomputer.com opens in a new tab]. SolarWinds released Serv-U version 15.5.4 Hotfix 1 to remediate the vulnerability [solarwinds.com opens in a new tab]. Administrators are strongly advised to patch their servers immediately or apply temporary mitigations such as blocking POST requests containing the Content-Encoding header or restricting access to trusted IP addresses [solarwinds.com opens in a new tab].