{
  "title": "SolarWinds Serv-U CVE-2026-28318: KEV Denial of Service Vulnerability in Managed File Transfer",
  "summary": "CISA added SolarWinds Serv-U CVE-2026-28318 to KEV on 2026-06-05, indicating active exploitation. The high-severity vulnerability allows remote, unauthenticated attackers to cause a Denial of Service (DoS) by sending specially crafted HTTP POST requests with a Content-Encoding: deflate header. SolarWinds has released version 15.5.4 Hotfix 1 to address the flaw.",
  "date": "2026-06-05",
  "severity": "high",
  "tags": [
    "solarwinds",
    "serv-u",
    "cisa-kev",
    "dos",
    "uncontrolled-resource-consumption"
  ],
  "sources_count": 3,
  "indicators": {
    "slug": "solarwinds-serv-u-cve-2026-28318-kev",
    "since": "2026-06-05T00:00:00Z",
    "until": "2026-06-05T23:59:59Z",
    "ecosystem": "",
    "cves": [
      "CVE-2026-28318"
    ],
    "cwes": [
      "CWE-400"
    ],
    "advisoryIds": [],
    "products": [
      "Serv-U"
    ],
    "packages": [],
    "versions": [],
    "affectedVersions": [],
    "fixedVersions": [],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [],
    "urls": [],
    "ips": [],
    "hashes": [],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": []
  }
}