CVE-2026-28318

HIGH7.5

CISA KEV

Description

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected products

SolarWinds / Serv-U15.5.4 and previous versions – 15.5.4 and previous versions

References

VENDOR_ADVISORYhttps://www.solarwinds.com/trust-center/security-advisories/CVE-2026-28318
MISChttps://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-4-hotfix-1_release_notes.htm