KEVIntel
PRO Back to KEVs
7.5
CVSS
High

CVE-2026-28318

PUBLISHED

SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability

Exploited in the wild Remote Low complexity No user interaction
Vendor
SolarWinds
Product
Serv-U
Published
Jun 04, 2026
EPSS
0.1% · 20% pctl

Automate this intelligence with the Pro API

Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot sensor data — is available programmatically for VM, SOC, and CTI workflows.

Learn about Pro

Description

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update

cisa

Weaknesses (CWE)

  • CWE-400

    The software does not properly control the allocation and maintenance of a limited resource thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVSS scores

CVSS v3.1 7.5 High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitation status

Exploited in the wild

Recorded 2026-06-05 18:00:37 UTC · Source

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA First 2026-06-05 18:00 UTC
CVE 2026-06-05 18:11 UTC
All CISA Advisories 2026-06-05 19:20 UTC
TheHackerNews 2026-06-06 09:20 UTC

Recent mentions

CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog

TheHackerNews · Jun 06, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-28318 (CVSS score: 7.5), is a denial-of-service (DoS) bug that causes the service to crash

CISA Adds One Known Exploited Vulnerability to Catalog

All CISA Advisories · Jun 05, 2026

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-28318 SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. 

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • KEV confirmed by CVE

  • KEV confirmed by All CISA Advisories

  • KEV confirmed by TheHackerNews