HIGHVulnerability
Verified
Global

CISA KEV: SolarWinds Serv-U — SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability

·Source: CISA KEV

Updated:

Executive Summary

SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication.

Analysis

SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication. Added to CISA Known Exploited Vulnerabilities catalog on 2026-06-05. Remediation due: 2026-06-19.

Indicators of Compromise (1)

CVE (1)
CVE-2026-28318
Source Attribution

Originally published by CISA KEV on Jun 5, 2026. Verified by: CISA.

Related Threats