🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2026-28318: SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability
Summary
SolarWinds Serv-U has a vulnerability that allows attackers to crash the service by sending specially crafted requests with a specific header (Content-Encoding: deflate) without needing to log in first. This flaw is currently being exploited by attackers in the real world.
Solution / Mitigation
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. See SolarWinds security advisories and release notes (Serv-U 15.5.4 Hotfix 1) for specific patching details.
Vulnerability Details
EPSS: 0.1%
Yes
🔥 Actively Exploited
June 4, 2026
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-28318
First tracked: June 5, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 95%