SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability

Description

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update

Affected Products

Vendor	Product	Versions
solarwinds	serv-u	15.5.4 and previous versions

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
solarwinds	serv-u	cert_advisory	90%

References

Related News (3 articles)

Tier B

BSI Advisories10h ago

[NEU] [mittel] SolarWinds Serv-U: Schwachstelle ermöglicht Denial of Service

→ No new info (linked only)

Tier B

CCCS Canada1d ago

SolarWinds security advisory (AV26-549)

→ No new info (linked only)

Tier C

VulDB1d ago

CVE-2026-28318 | SolarWinds Serv-U resource consumption

→ No new info (linked only)

CVSS 3.17.5 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA KEV✅ Yes

Actively exploited✅ Yes

CWECWE-400

PublishedJun 4, 2026

Last enriched1d agov2

Trending Score130🔥

Source articles3

Independent3

Info Completeness9/14

Missing: epss, kev, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

Version History

Last enriched 1d ago

v2Tier B1d ago

Updated affected versions to include '15.5.4 HF1' and marked exploit availability and active exploitation as true.

affectedVersionsexploitAvailableactivelyExploited

via CCCS Canada

v11d ago

Initial creation

SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability

Description

Affected Products

Also Affects

References

Related News (3 articles)

Community Vote

Related CVEs (3)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History