CVE-2026-28318 – SolarWinds Serv-U
CVSS 7.5
IMPORTANT
Critical or Zero Day – Immediate Deployment
“A simple network request should never be able to take down a critical file transfer service.”
SolarWinds patched CVE-2026-28318 in Serv-U. This vulnerability allows an unauthenticated attacker to send specially crafted POST requests using Content-Encoding: deflate that can crash the Serv-U service, resulting in a denial-of-service condition. The CVSS score is 7.5, which is High severity.
This issue does not require authentication or user interaction to exploit. Active exploitation has been reported. SolarWinds has provided mitigation guidance for customers who cannot immediately deploy the update.
Key Details
- Affected Product
- Solarwinds Serv-u
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-400
Patch this CVE on all your endpoints in under 5 minutes.
First 200 endpoints are free forever, scale as needed.