cbcvebase.
CVE-2026-28318
published 2026-06-04

CVE-2026-28318: SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate…

Priority: P1 · 81 · high
CVSS 3.1: 7.5 (AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H)
Flags: KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability, due 2026-06-19
Exploited in the wild
EPSS: 10.66% (95.2nd percentile)
SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update.

Affected (3 ranges)

Vendor     | Product | Version range | Fixed in
solarwinds | serv-u  | < 15.5.4      | 15.5.4
solarwinds | serv-u  |               |
solarwinds | serv-u  |               |

Detection & IOCs (extracted from sources)

Version: SolarWinds Serv-U 15.5.4 HF1
  • Block any HTTP POST request containing the 'content-encoding' header targeting Serv-U, as the vulnerable service does not require this functionality.
  • Detect unauthenticated HTTP POST requests using Content-Encoding: deflate directed at Serv-U file transfer servers as a strong indicator of CVE-2026-28318 exploitation attempts.
  • Monitor for unexpected Serv-U service crashes, which may indicate active exploitation of this DoS vulnerability.
  • Exploitation requires no authentication, no privileges, and no user interaction, making network-level blocking of the specific header the primary pre-patch mitigation.
  • Limit access to Serv-U to known/trusted IP addresses as an additional mitigation when patching cannot be immediately deployed.
  • Over 12,000 Serv-U servers are exposed online per Shodan, and over 3,100 per Shadowserver, representing a large unpatched attack surface.

CVSS provenance

Source    | Version | Score | Severity | Vector
nvd       | v3.1    | 7.5   | HIGH     | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vulncheck |         | 7.5   | HIGH     |
cisa      |         | 7.5   | HIGH     |