CVE-2026-28318: SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are...
CVE-2026-28318CVSS 7.5CISA KEVKnown Exploited

CVE-2026-28318: SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are...

CVSS
7.5 HIGH
EPSS
95.26%
Known exploited
yes
Product
Serv-U

What is known

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update

Sources