HighCISA KEVExploited in the wildPublic exploit

Unauthenticated DoS in SolarWinds Serv-U via deflate POST requests

IdentifiersCVE-2026-28318CWE-400· Uncontrolled Resource Consumption

CVE-2026-28318 is an uncontrolled resource consumption vulnerability in SolarWinds Serv-U affecting versions prior to 15.5.4 Hotfix 1. According to the provided content, the flaw can be triggered remotely without authentication by sending specially crafted HTTP POST requests that include the header "Content-Encoding: deflate," causing the Serv-U service to crash. The issue affects SolarWinds Serv-U on Windows and Linux and results in an unauthenticated denial-of-service condition rather than code execution.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows a remote, unauthenticated attacker to crash the SolarWinds Serv-U service, causing denial of service and interrupting managed file transfer and FTP-related functionality exposed by the product. The content also states that CISA has evidence of active exploitation in the wild and added the vulnerability to the KEV Catalog, indicating real-world operational risk.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, apply the vendor mitigation guidance referenced in the SolarWinds Trust Center. Based on the provided content, recommended interim measures include limiting access to known/trusted addresses and blocking POST requests containing the "Content-Encoding" header, since the vulnerable Serv-U service does not require that functionality.

Remediation

Patch, then assume compromise.

Upgrade SolarWinds Serv-U to version 15.5.4 Hotfix 1 or later. The provided content states that SolarWinds released Serv-U 15.5.4 Hotfix 1 specifically to address CVE-2026-28318.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

SolarWindsServ-Uapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

15 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

15 SOURCESView more in app

bleeping computerNews

Jun 5, 2026

CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers

A high-severity denial-of-service vulnerability in SolarWinds Serv-U caused by uncontrolled resource consumption, exploitable via specially crafted unauthenticated POST requests using Content-Encoding: deflate to crash the Serv-U service.

ca ccsNews

Jun 4, 2026

SolarWinds security advisory (AV26-549) - Canadian Centre for Cyber Security

An unauthenticated denial-of-service vulnerability affecting SolarWinds Serv-U in versions prior to 15.5.4 HF1.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures1

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity12

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2026-28318

NVD

nvd.nist.gov/vuln/detail/CVE-2026-28318

MITRE CWE · CWE-400

Uncontrolled Resource Consumption

Vendor Advisory

solarwinds.com/trust-center/security-advisories/CVE-2026-28318

Release Notes

documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-4-hotfix-1_release_notes.htm

US Government Resource

cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-28318