CVE-2026-28318: SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability
Summary
A critical vulnerability (CVE-2026-28318) has been identified in SolarWinds Serv-U that allows unauthenticated attackers to crash the service by sending specially crafted POST requests carrying a "Content-Encoding: deflate" header. The flaw is an uncontrolled resource consumption issue; it requires immediate mitigation, or discontinuation of the product if no patch is available.
IFF Assessment
This vulnerability allows for unauthenticated denial-of-service attacks, which can disrupt services and potentially be a stepping stone for further exploitation.
Severity
The vulnerability allows for unauthenticated access to trigger a denial-of-service condition, impacting the availability of the Serv-U service. The CVSS score reflects the critical nature of an unauthenticated crash vulnerability.
CISA KEV: Listed as actively exploited. Federal patch due: June 19, 2026. Known ransomware use: Unknown.
Defender Context
Defenders must be aware of this critical vulnerability in SolarWinds Serv-U and prioritize applying vendor-provided mitigations or consider discontinuing use if unable to patch. The ease of exploitation without authentication makes this a prime target for disruption, and organizations should monitor for any unusual Serv-U service behavior.
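As one way to act on the monitoring advice above, the following is an added example (not SolarWinds' code and not part of this advisory) that scans reverse-proxy or WAF request logs in front of Serv-U for the request shape the advisory names: POST requests declaring Content-Encoding: deflate. The log is assumed to be JSON lines with a per-request header map; the field names (ts, src, method, path, headers) and the sample records are constructed for illustration and must be adapted to the proxy actually in use. A hit is a screening signal for triage against service crashes and vendor guidance, not proof of exploitation.

```python
import json
from collections import Counter
from typing import Dict, Iterable, List

# Constructed sample of reverse-proxy logs (JSON lines), one record per request
# forwarded to Serv-U. Field names are an assumption for this example; a
# malformed line is included to show that parsing tolerates it.
SAMPLE_LOG = """\
{"ts": "2026-06-01T10:00:01Z", "src": "203.0.113.7", "method": "POST", "path": "/", "headers": {"Content-Encoding": "deflate", "Content-Length": "512"}}
{"ts": "2026-06-01T10:00:02Z", "src": "203.0.113.7", "method": "POST", "path": "/", "headers": {"content-encoding": "DEFLATE"}}
{"ts": "2026-06-01T10:00:03Z", "src": "198.51.100.4", "method": "GET", "path": "/", "headers": {"Accept-Encoding": "gzip, deflate"}}
garbage line left behind by a log rotation hiccup
{"ts": "2026-06-01T10:00:04Z", "src": "203.0.113.7", "method": "POST", "path": "/api/login", "headers": {"Content-Encoding": "gzip, deflate"}}
{"ts": "2026-06-01T10:00:05Z", "src": "192.0.2.9", "method": "POST", "path": "/api/upload", "headers": {"Content-Type": "application/json"}}
"""


def parse_log(text: str) -> List[dict]:
    """Parse a JSON-lines log, skipping blank or malformed lines instead of aborting."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return records


def header_values(headers: Dict[str, str], name: str) -> List[str]:
    """Case-insensitive header lookup that splits comma-separated token lists."""
    wanted = name.lower()
    values: List[str] = []
    for key, value in headers.items():
        if key.lower() == wanted:
            values.extend(tok.strip().lower() for tok in str(value).split(",") if tok.strip())
    return values


def is_deflate_post(record: dict) -> bool:
    """True for a POST whose body is declared Content-Encoding: deflate.

    Only Content-Encoding counts: Accept-Encoding: deflate is an ordinary client
    preference (and is common on GET requests), so it must not fire.
    """
    if str(record.get("method", "")).upper() != "POST":
        return False
    return "deflate" in header_values(record.get("headers") or {}, "Content-Encoding")


def find_deflate_posts(records: Iterable[dict]) -> List[dict]:
    """Return the records matching the advisory's request shape."""
    return [r for r in records if is_deflate_post(r)]


def summarize(log_text: str, burst_threshold: int = 2) -> dict:
    """Count matching requests and flag sources that repeat them (a crash attempt
    usually shows up as a burst from one address, not a single request)."""
    records = parse_log(log_text)
    hits = find_deflate_posts(records)
    per_source = Counter(str(h.get("src", "unknown")) for h in hits)
    return {
        "total_requests": len(records),
        "deflate_posts": len(hits),
        "sources_over_threshold": {src: n for src, n in per_source.items() if n >= burst_threshold},
    }


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_LOG), indent=2))
    for hit in find_deflate_posts(parse_log(SAMPLE_LOG)):
        print(f"{hit['ts']} {hit['src']} {hit['method']} {hit['path']}")
```

Correlate any hit with Serv-U service restarts or crash events in the same window; a matching request followed by an unexpected restart is the combination worth escalating, and the per-source burst count helps separate a scanner or attack tool from a one-off client.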