What is CVE-2026-28318?
SolarWinds Serv-U is susceptible to specially crafted POST requests that use Content-Encoding: deflate to crash the Serv-U service without authentication. If you are unable to deploy the update, mitigation steps for securing customer environments are provided in the SolarWinds Trust Center.
CISA Known Exploited Vulnerability
SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability
Affected product
SolarWinds Serv-U
Remediation Steps
- Apply the vendor patch from SolarWinds for Serv-U
- Review Serv-U resource usage and access controls
- Monitor file transfer logs for anomalous activity
- Restrict Serv-U access to required network segments only
References
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2026-28318
- https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-4-hotfix-1_release_notes.htm
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-28318
- https://nvd.nist.gov/vuln/detail/CVE-2026-28318
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Coverage on defend.network
- Vulnerability Priority Report – Week 2 of June 2026 (June 8 – 14)
🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.