CVE-2026-28318
Published 2026-06-04
CVE-2026-28318: SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate…
Priority: P1 · 81 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Tags: KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability · due 2026-06-19
Exploited in the wild
EPSS: 10.66% (95.2th percentile)
SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| solarwinds | serv-u | < 15.5.4 | 15.5.4 |
| solarwinds | serv-u | — | — |
| solarwinds | serv-u | — | — |
Detection & IOCs (extracted from sources)
- Block any HTTP POST request containing the 'content-encoding' header targeting Serv-U, as the vulnerable service does not require this functionality.
- Detect unauthenticated HTTP POST requests using Content-Encoding: deflate directed at Serv-U file transfer servers as a strong indicator of CVE-2026-28318 exploitation attempts.
- Monitor for unexpected Serv-U service crashes, which may indicate active exploitation of this DoS vulnerability.
- Exploitation requires no authentication, no privileges, and no user interaction, making network-level blocking of the specific header the primary pre-patch mitigation.
- Limit access to Serv-U to known/trusted IP addresses as an additional mitigation when patching cannot be immediately deployed.
- Over 12,000 Serv-U servers are exposed online per Shodan, and over 3,100 per Shadowserver, representing a large unpatched attack surface.
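The first two items above come down to a header check on POST requests. As an added example (not code from SolarWinds or any of the quoted sources), this Python parses raw HTTP/1.x request heads and returns a verdict, covering mixed-case header names, repeated headers and folded continuation lines that a naive string match would miss. The function names, verdict strings and sample requests are assumptions constructed for illustration.

```python
def parse_head(raw: bytes):
    """Parse a raw HTTP/1.x request head into (method, target, headers).

    Header names are lower-cased, repeated headers are joined with ", ",
    and obsolete folded continuation lines are unfolded.
    """
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, _version = parts
    headers, last = {}, None
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and last:  # continuation of previous header
            headers[last] += " " + line.strip()
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue  # not a header line
        last, value = name.strip().lower(), value.strip()
        headers[last] = f"{headers[last]}, {value}" if last in headers else value
    return method, target, headers


def classify(raw: bytes) -> str:
    """Return 'allow', 'block' (POST with any Content-Encoding) or
    'alert-deflate' (POST whose codings include deflate)."""
    try:
        method, _target, headers = parse_head(raw)
    except ValueError:
        return "block"  # assumption: fail closed on an unparseable head
    if method.upper() != "POST" or "content-encoding" not in headers:
        return "allow"
    codings = {c.strip().lower() for c in headers["content-encoding"].split(",")}
    return "alert-deflate" if "deflate" in codings else "block"


# Constructed request heads; host and paths are placeholders, bodies omitted.
HOST = b"Host: files.example.test\r\n"
SAMPLES = {
    "plain_post": b"POST /upload HTTP/1.1\r\n" + HOST + b"Content-Length: 0\r\n\r\n",
    "get_encoded": b"GET / HTTP/1.1\r\n" + HOST + b"Content-Encoding: deflate\r\n\r\n",
    "gzip_post": b"POST / HTTP/1.1\r\n" + HOST + b"Content-Encoding: gzip\r\n\r\n",
    "mixed_case": b"POST / HTTP/1.1\r\n" + HOST + b"content-ENCODING:  Deflate \r\n\r\n",
    "repeated": b"POST / HTTP/1.1\r\n" + HOST
                + b"Content-Encoding: gzip\r\nContent-Encoding: deflate\r\n\r\n",
    "folded": b"POST / HTTP/1.1\r\n" + HOST + b"Content-Encoding: gzip,\r\n\tdeflate\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:12} {classify(raw)}")
```

The same check belongs at whatever proxy or WAF terminates HTTP in front of Serv-U; the `block` verdict corresponds to the pre-patch mitigation and `alert-deflate` to the detection signal.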
CVSS provenance
nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vulncheck · 7.5 HIGH
cisa · 7.5 HIGH
CISA
SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability
cisa·2026-06-05·CVSS 7.5
CVE-2026-28318 [HIGH] CWE-400 SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability
Vulnerability: SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability
Affected: SolarWinds Serv-U
SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://www.solarwinds.com/trust-center/security-advisories/cve-2026-28318 ; https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-4-hotfix-1_release_notes.htm#link7 ; https://nvd.nist.gov/vuln/detail/CVE-2026-28318
Remediation Due Date: 20
VulDB
SolarWinds Serv-U resource consumption
vuldb·2026-06-04·CVSS 7.5
CVE-2026-28318 [HIGH] SolarWinds Serv-U resource consumption
A vulnerability categorized as problematic has been discovered in SolarWinds Serv-U. This affects an unknown part. Such manipulation leads to resource consumption.
This vulnerability is listed as CVE-2026-28318. The attack may be performed from remote. There is no available exploit.
GHSA
SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate.
ghsa_unreviewed·2026-06-04
CVE-2026-28318 [HIGH] CWE-400 SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate.
SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update.
VulnCheck
SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability
vulncheck·2026·CVSS 7.5
CVE-2026-28318 [HIGH] CWE-400 SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability
SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability
SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication.
Affected: SolarWinds Serv-U
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2026-06-19
No detection rules found.
No public exploits indexed.
Hackernews
⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More
blogs_hackernews·2026-06-08·CVSS 8.4
CVE-2025-48595 [HIGH] ⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More
## ⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More
Monday again. The weekend was meant to be quiet. It wasn't. Last week had poisoned packages, a broken AI helper, and a worm tearing through repos. The ugly part: basic tricks still worked.
A chatbot got fooled. A bot token got leaked inside the malware. The same old mistakes showed up again. And while everyone chased the loud stuff, quieter attackers sat in inboxes for months, reading mail and stealing it bit by bit.
Lots to cover. Grab coffee. Read up.
## ⚡ Threat of the Week
Miasma Worm Hits 73 Microsoft GitHub Repositories in Supply Chain
Checkpoint
8th June – Threat Intelligence Report
blogs_checkpoint·2026-06-08
CVE-2025-48595 8th June – Threat Intelligence Report
## 8th June – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 1st June, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
DentaQuest, a U.S. dental benefits administrator owned by Sun Life, has suffered a data breach after threat group ShinyHunters leaked exfiltrated data. Analysts assessed that 2.6 million accounts were exposed, including names, emails, government IDs, and health insurance details.
Password manager Dashlane has disclosed an attack
Hackernews
CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog
blogs_hackernews·2026-06-06·CVSS 7.5
CVE-2026-28318 [HIGH] CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog
## CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, tracked as CVE-2026-28318 (CVSS score: 7.5), is a denial-of-service (DoS) bug that causes the service to crash under certain conditions. CISA described it as an uncontrolled resource consumption vulnerability that results in a DoS condition.
"SolarWinds Serv-U is susceptible
Bleepingcomputer
CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers
blogs_bleepingcomputer·2026-06-05·CVSS 7.5
CVE-2026-28318 [HIGH] CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers
## CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers
## Sergiu Gatlan
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today that hackers are now actively exploiting a recently patched high-severity SolarWinds Serv-U flaw to crash servers.
Serv-U is the company's Windows and Linux file transfer software that offers Managed File Transfer (MFT) and FTP server capabilities, which allow users to securely exchange files via HTTP/HTTPS, FTP, FTPS, and SFTP.
SolarWinds released Serv-U 15.5.4 Hotfix 1 on Thursday to patch this denial-of-service vulnerability (tracked as CVE-2026-28318) and said it stems from an uncontrolled resource consumption weakness.
"SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service w
2026-06-04: Published
2026-06-05: Added to CISA KEV
Exploited in the wild