CVE-2026-28318
Severity CVSS v4.0:
Pending analysis
Type:
CWE-400
Uncontrolled Resource Consumption ('Resource Exhaustion')
Publication date:
04/06/2026
Last modified:
05/06/2026
Description
SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:* | 15.5.4 (excluding) | |
| cpe:2.3:a:solarwinds:serv-u:15.5.4:-:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page



