CVE-2026-28318

Published Jun 4, 2026

Last updated 4 days ago

Exploit knownCVSS high 7.5
Serv-U
SolarWinds Serv-U

Overview

Description
SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update
Source
psirt@solarwinds.com
NVD status
Analyzed
Products
serv-u

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability
Exploit added on
Jun 5, 2026
Exploit action due
Jun 19, 2026
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

psirt@solarwinds.com
CWE-400

Social media

Hype score
Not currently trending

  1. CISA:パッチによりSolarWinds Serv-UのDoS脆弱性(CVE-2026-28318)が悪用されました CISA: Patch actively exploited SolarWinds Serv-U DoS vulnerability (CVE-2026-28318) #HelpNetSecurity (Jun 8) https://t.co/ieuqowuDdW

    @foxbook

    9 Jun 2026

    217 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 【サイバーセキュリティ動向分析】 トレンドのセキュリティニュース(2026年6月時点) Cisco Catalyst SD-WAN Managerにゼロデイ脆弱性、悪用確認 https://t.co/eZgv9rE6np CISA、SolarWinds Serv-UのDoS脆弱性(CVE-2026-28318)をKEVカ

    @kenebeii

    7 Jun 2026

    164 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Top 5 Trending CVEs: 1 - CVE-2018-17144 2 - CVE-2026-46243 3 - CVE-2026-49975 4 - CVE-2025-49113 5 - CVE-2026-28318 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    7 Jun 2026

    95 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Analyze HIGH-ENGAGEMENT X THREAD 1/4 🚨 Cyber Snapshot: June 6, 2026
CISA flags active SolarWinds Serv-U DoS exploits (CVE-2026-28318) just days after patch. Over 12k servers exposed. Chinese UNC5221 deploys new persistence malware. Cisco SD-WAN zero-day under attack. Patch N

    @seoscottsdale

    6 Jun 2026

    259 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. 1/4 🚨 Cyber Snapshot: June 6, 2026 CISA flags active SolarWinds Serv-U DoS exploits (CVE-2026-28318) just days after patch. Over 12k servers exposed. Chinese UNC5221 deploys new persistence malware. Cisco SD-WAN zero-day under attack. Patch NOW. 🛡️ #CyberSecurity #CISA 2/

    @seoscottsdale

    6 Jun 2026

    104 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Top 5 Trending CVEs: 1 - CVE-2025-48595 2 - CVE-2026-28318 3 - CVE-2026-20245 4 - CVE-2018-17144 5 - CVE-2026-20230 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    6 Jun 2026

    91 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.CVE-2025-40540
  2. An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.CVE-2025-40541
  3. A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.CVE-2025-40539
  4. A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.CVE-2025-40538
  5. A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. This issue requires administrative privileges to abuse. On Windows systems, this scored as medium due to differences in how paths and home directories are handled.CVE-2025-40549

References

Sources include official advisories and independent security research.