Managed-File-Transfer

vulnerabilities 2026-06-06
SolarWinds Serv-U DoS Flaw CVE-2026-28318 Hits CISA KEV as Attackers Crash File Transfer Servers
CISA added SolarWinds Serv-U CVE-2026-28318 to its KEV catalog after attackers began crashing file transfer servers with a single unauthenticated deflate-encoded POST. Patch to 15.5.4 HF1.
solarwinds serv-u cisa-kev managed-file-transfer dos cve-2026-28318
vulnerability 2026-05-04
MOVEit Automation Hit With CVSS 9.8 Auth Bypass: CVE-2026-4670 Grants Admin Without Credentials
Progress patches a 9.8-severity authentication bypass plus a 7.7 privilege escalation in MOVEit Automation; Airbus reported both, no in-the-wild exploitation yet but the MFT family's track record demands immediate patching.
moveit progress-software cve-2026-4670 cve-2026-5174 authentication-bypass managed-file-transfer airbus

SolarWinds Serv-U DoS Flaw CVE-2026-28318 Hits CISA KEV as Attackers Crash File Transfer Servers