{"id":227154,"date":"2026-06-06T04:14:00","date_gmt":"2026-06-06T08:14:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/06\/cisa-adds-actively-exploited-solarwinds-serv-u-dos-flaw-to-kev-catalog\/"},"modified":"2026-06-06T04:20:21","modified_gmt":"2026-06-06T08:20:21","slug":"cisa-adds-actively-exploited-solarwinds-serv-u-dos-flaw-to-kev-catalog","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/06\/cisa-adds-actively-exploited-solarwinds-serv-u-dos-flaw-to-kev-catalog\/","title":{"rendered":"CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/cisa-adds-actively-exploited-solarwinds.html\">CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/cisa-adds-actively-exploited-solarwinds.html\">https:\/\/thehackernews.com\/2026\/06\/cisa-adds-actively-exploited-solarwinds.html<\/a><\/p>\n<p>Publish Date: 2026-06-06 04:14:00<\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p>Ravie Lakshmanan | Jun 06, 2026 | Vulnerability \/ Patch Management<br \/>\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.<\/p>\n<p>The vulnerability, tracked as CVE-2026-28318 (CVSS score: 7.5), is a denial-of-service (DoS) bug that causes the service to crash under certain conditions. 
CISA described it as an uncontrolled resource consumption vulnerability that results in a DoS condition.<\/p>\n<p>&#8220;SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate,&#8221; SolarWinds said in an advisory released earlier this week.<\/p>\n<p>The issue has been addressed in SolarWinds Serv-U version 15.5.4 HF1. As mitigations, it&#8217;s advised to limit access to known addresses and block any request containing &#8220;content-encoding&#8221; since the vulnerable service does not require this functionality.<\/p>\n<p>There are currently no details on how the vulnerability is being exploited in real-world attacks, or who is behind them. It&#8217;s also unclear how many internet-exposed Serv-U instances are compromised, if any.<\/p>\n<p>CISA has ordered Federal Civilian Executive Branch (FCEB) agencies to address the flaw by June 19, 2026. In the past, multiple flaws in Serv-U have been exploited by bad actors, including those associated with the Cl0p ransomware gang.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog https:\/\/thehackernews.com\/2026\/06\/cisa-adds-actively-exploited-solarwinds.html Publish Date: 
2026-06-06&#8230;<\/p>\n","protected":false},"author":1,"featured_media":227155,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiQ_ZbsHhh5kUS5501itVSeBa91H50qNfHH_PQ1_2WEDLi-B_eKslYeu1_43fNAW55Z9TVR5ae8ZIGDm4vZQS0B7IHvG9Gdp4Knzt8QB1E7317tyEVhJYR8xo1HJ_vf6Ynrdtfj_u-pcryZ5NVulL7vw_9KLaGomIjKe40GYClUu-FDtXXwuKAfK7V8mKN-\/s1600\/solarwinds-serv-u.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-227154","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/227154"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=227154"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/227154\/revisions"}],"predecessor-version":[{"id":227156,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/227154\/revisions\/227156"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/227155"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=227154"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=227154"},{"taxonomy":"post_tag","embeddable":true,"href":"https
:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=227154"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}