PT-2026-46239 · Solarwinds · Serv-U

Published: 2026-06-04 · Updated: 2026-06-06 · CVE-2026-28318

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions
SolarWinds Serv-U versions prior to 15.5.4 Hotfix 1

Description
SolarWinds Serv-U contains an uncontrolled resource consumption issue that allows an unauthenticated attacker to cause a denial of service. By sending specially crafted POST requests using the Content-Encoding: deflate header, the Serv-U service can be crashed. Over 12,000 instances are estimated to be exposed worldwide, and real-world exploitation has been observed.

Recommendations
Update to version 15.5.4 Hotfix 1. Apply mitigations provided in the SolarWinds Trust Center if the update cannot be deployed.

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers: CVE-2026-28318

Affected Products: Serv-U