CVE-2026-28318
SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability - [Actively Exploited]
Description
SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update
INFO
Published Date :
June 4, 2026, 3:16 p.m.
Last Modified :
June 5, 2026, 7:32 p.m.
Remotely Exploit :
Yes !
Source :
[email protected]
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Unknown
https://www.solarwinds.com/trust-center/security-advisories/cve-2026-28318 ; https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-4-hotfix-1_release_notes.htm#link7 ; https://nvd.nist.gov/vuln/detail/CVE-2026-28318
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | HIGH | 49f11609-934d-4621-84e6-e02e032104d6 | ||||
| CVSS 3.1 | HIGH | [email protected] |
Solution
- Deploy the vendor update when available.
- Follow provided mitigation steps from the vendor.
- Ensure proper authentication and input validation.
Public PoC/Exploit Available at Github
CVE-2026-28318 has a 10 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-28318.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-28318 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-28318
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Safely detect whether a SolarWinds Serv-U host is vulnerable to CVE-2026-28318
Python
SolarWinds Serv-U CVE-2026-28318: unauthenticated Content-Encoding: deflate crash. Root-cause analysis (invalid free of an interior pointer -> heap corruption) + DoS-only PoC. Fixed in 15.5.4 Hotfix 1.
Python
None
None
Global threat-intelligence platform — aggregates public cyber threat feeds (CISA KEV, abuse.ch Feodo/URLhaus, NVD) into a real-time dashboard with world threat map, live indicator feed, CVE panel, and scheduled DingTalk/Telegram alerts.
JavaScript TypeScript HTML CSS Dockerfile Python
Personal AI system built in Python cybersecurity, OSINT, sports prediction, darknet scanning, and autonomous reasoning.
Python
Security Tracker
Python
CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild and CryptoGen Nepal aims to simplify this for the general public in a more understandable way as well as in a format that can be easily integrated into their threat intelligence systems.
cve json rss cgn cisa kev
Python HTML
None
Python
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
security cve exploit poc vulnerability
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-28318 vulnerability anywhere in the article.
-
TheCyberThrone
CISA KEV Update — Cisco Catalyst SD-WAN, Google Chrome V8 & Arista EOS
CISA added three new vulnerabilities to its Known Exploited Vulnerabilities catalog on June 9, 2026: CVE-2026-20245 (Cisco Catalyst SD-WAN Manager), CVE-2026-11645 (Google Chromium V8), and CVE-2026-7 ... Read more
-
TheCyberThrone
Microsoft Patch Tuesday — June 2026
Microsoft’s June 2026 Patch Tuesday is the largest release since the Patch Tuesday program began, surpassing the previous record of 167 CVEs set in October 2025. This month’s release addresses 206 vul ... Read more
-
TheCyberThrone
CISA adds BerriAI LiteLLM & Check Point Security Gateway to KEV
CISA added two vulnerabilities to its Known Exploited Vulnerabilities catalog on June 8, 2026, confirming active exploitation of both. The two entries are CVE-2026-42271 (BerriAI LiteLLM Command Injec ... Read more
-
TheCyberThrone
CVE-2026-28318 — SolarWinds Serv-U DoS added to CISA KEV
June 8, 2026CVE: CVE-2026-28318CVSS Score: 7.5 (High)CWE: CWE-400 — Uncontrolled Resource ConsumptionKEV Added: June 5, 2026FCEB Remediation Deadline: June 19, 2026Vulnerability OverviewThe vulnerabil ... Read more
-
security.nl
Aanvallers laten SolarWinds Serv-U FTP-servers via nieuw lek crashen
Aanvallers maken actief misbruik van een nieuw beveiligingslek in SolarWinds Serv-U om FTP-servers te laten crashen, zo waarschuwt het Amerikaanse cyberagentschap CISA. Een hotfix is sinds 3 juni besc ... Read more
-
The Hacker News
CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnera ... Read more
-
CybersecurityNews
CISA Warns of SolarWinds Serv-U Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical SolarWinds Serv-U vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that threat actors a ... Read more
The following table lists the changes that have been made to the
CVE-2026-28318 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Modified Analysis by [email protected]
Jun. 05, 2026
Action Type Old Value New Value Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-28318 Types: US Government Resource -
CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725
Jun. 05, 2026
Action Type Old Value New Value Added Date Added 2026-06-05 Added Due Date 2026-06-05 Added Required Action 2026-06-05 Added Vulnerability Name 2026-06-05 -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Jun. 05, 2026
Action Type Old Value New Value Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-28318 -
Initial Analysis by [email protected]
Jun. 04, 2026
Action Type Old Value New Value Added CPE Configuration OR *cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:* versions up to (excluding) 15.5.4 *cpe:2.3:a:solarwinds:serv-u:15.5.4:-:*:*:*:*:*:* Added Reference Type SolarWinds: https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-4-hotfix-1_release_notes.htm Types: Release Notes Added Reference Type SolarWinds: https://www.solarwinds.com/trust-center/security-advisories/CVE-2026-28318 Types: Vendor Advisory -
New CVE Received by [email protected]
Jun. 04, 2026
Action Type Old Value New Value Added Description SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Added CWE CWE-400 Added Reference https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-4-hotfix-1_release_notes.htm Added Reference https://www.solarwinds.com/trust-center/security-advisories/CVE-2026-28318