CVE detail
CVE-2026-28318: SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability
Source: CISA Known Exploited Vulnerabilities catalog
- Vendor / product: SolarWinds · Serv-U
- Date added (KEV): Jun 05, 2026
- CISA due date: Jun 19, 2026
- Ransomware campaign use: Unknown
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Vendor fix: Vendor advisory
From CISA
SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication.
https://www.solarwinds.com/trust-center/security-advisories/cve-2026-28318 ; https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-4-hotfix-1_release_notes.htm#link7 ; https://nvd.nist.gov/vuln/detail/CVE-2026-28318
References
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2026-28318 (Vendor Advisory)
- https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-4-hotfix-1_release_notes.htm (Release Notes)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-28318 (US Government Resource)
Other recent CVEs from SolarWinds
- CVE-2025-26399 (Web Help Desk): SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
- CVE-2025-40536 (Web Help Desk): SolarWinds Web Help Desk Security Control Bypass Vulnerability
- CVE-2025-40551 (Web Help Desk): SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
- CVE-2024-28987 (Web Help Desk): SolarWinds Web Help Desk Hardcoded Credential Vulnerability
- CVE-2024-28986 (Web Help Desk): SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability