CVE-2026-28318

Warnung

Medienbericht

EPSS 10.66%
Veröffentlicht 04.06.2026 14:05:58
Zuletzt bearbeitet 05.06.2026 19:32:38
Quelle psirt@solarwinds.com
CVE-Watchlists
Login
Unerledigt
Login

SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 10

NVD 2 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Solarwinds ≫ Serv-u Version < 15.5.4

Solarwinds ≫ Serv-u Version15.5.4 Update-

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

05.06.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog

SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability

Schwachstelle

SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	10.66%	0.952

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@solarwinds.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

08.06.2026 16:25

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

08.06.2026 08:10

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

06.06.2026 11:09

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

05.06.2026 21:23

https://www.solarwinds.com/trust-center/security-advisories/CVE-2026-28318

Vendor Advisory

https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-4-hotfix-1_release_notes.htm

Release Notes

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-28318

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2026-28318

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-28318

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-28318

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-28318

05.06.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog