A denial of service vulnerability in SolarWinds Serv-U allows unauthenticated attackers to crash the service using specially crafted POST requests with deflate encoding. The flaw requires no authentication and can be exploited remotely. CISA has added this to its Known Exploited Vulnerabilities catalog with a remediation deadline of June 19, 2026.

Why it matters in Western Canada: Organizations across Western Canada using SolarWinds Serv-U for file transfer services face potential service disruptions. Government agencies, post-secondary institutions, and energy sector operators relying on this software should prioritize vulnerability assessment and patching.

CVEs: CVE-2026-28318

---

Summary generated from the original advisory. Read the full source: cisa-kev