High (7.5) Actively Exploited

Serv-U crash via unauth POST (CVE-2026-28318)


CVE-2026-28318: SolarWinds Serv-U unauthenticated POST request causes denial of service via Content-Encoding: deflate (CVSS 7.5, actively exploited). Update or apply mitigations from Trust Center.

Affected: SolarWinds Serv-U

Actively exploited in the wild - CVE-2026-28318 is a high-severity denial-of-service vulnerability in SolarWinds Serv-U that lets unauthenticated attackers crash the service using specially crafted POST requests with Content-Encoding: deflate. Patches are available; apply updates or mitigate via the Trust Center if patching is delayed.

Overview

CVE-2026-28318 affects SolarWinds Serv-U, a managed file transfer application. The vulnerability resides in how Serv-U processes HTTP POST requests with the Content-Encoding: deflate header. By sending a crafted request, an unauthenticated attacker can trigger a crash of the Serv-U service, causing a denial-of-service condition. The attack requires no authentication, no user interaction, and can be performed over the network with low complexity.

Impact

A successful exploit results in the Serv-U service process crashing, denying legitimate users access to file transfer operations. While this is a denial-of-service (availability impact) rather than a data breach vector, the unauthenticated nature and active exploitation in the wild make it a critical priority for affected organizations. CISA has added this CVE to its Known Exploited Vulnerabilities (KEV) catalog.

Affected Versions

SolarWinds Serv-U versions prior to the patched release are affected. Check the SolarWinds Trust Center for the exact version range.

Remediation

SolarWinds has released a security update addressing CVE-2026-28318. Deploy the latest version of Serv-U from the SolarWinds Trust Center immediately. If you cannot apply the update, implement mitigations as detailed in the SolarWinds security advisory, such as restricting network access to the Serv-U management interface and applying web application firewall rules to block suspicious Content-Encoding: deflate requests.
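The filtering mitigation mentioned above, sketched as an added example (not SolarWinds code or the advisory's own rule): a pre-filter that decides whether a request head should be rejected before it reaches Serv-U. It assumes the simplest policy, rejecting every POST that declares deflate, and handles the header spellings a naive string match misses (case, repeated headers, comma lists, folded values); the hostname and paths are constructed.

```python
# Added example (not SolarWinds code). Assumed policy: reject any POST whose
# Content-Encoding declares "deflate"; hostnames and paths below are constructed.
BLOCKED_CODINGS = {"deflate"}

def parse_head(raw: bytes):
    """Return (method, [(lowercased-name, value), ...]) from a raw HTTP/1.x request head."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    method, _target, _version = lines[0].split(" ", 2)  # ValueError if malformed
    headers = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and headers:
            # Folded continuation line: it belongs to the previous header's value.
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return method.upper(), headers

def content_codings(headers):
    """Flatten every Content-Encoding header (repeated or comma-separated) into one list."""
    return [c.strip().lower()
            for name, value in headers if name == "content-encoding"
            for c in value.split(",") if c.strip()]

def should_block(raw: bytes) -> bool:
    try:
        method, headers = parse_head(raw)
    except ValueError:
        return True  # unparseable request line: fail closed
    return method == "POST" and bool(BLOCKED_CODINGS & set(content_codings(headers)))

H = b"Host: files.example.test\r\n"  # constructed sample requests, headers only
SAMPLES = {
    "plain_post":    b"POST /upload HTTP/1.1\r\n" + H + b"Content-Length: 0\r\n\r\n",
    "deflate_post":  b"POST / HTTP/1.1\r\n" + H + b"content-encoding: Deflate\r\n\r\n",
    "repeated_list": b"POST / HTTP/1.1\r\n" + H + b"Content-Encoding: gzip\r\n"
                     b"Content-Encoding: identity , DEFLATE\r\n\r\n",
    "folded_value":  b"POST / HTTP/1.1\r\n" + H + b"Content-Encoding:\r\n\tdeflate\r\n\r\n",
    "gzip_post":     b"POST / HTTP/1.1\r\n" + H + b"Content-Encoding: gzip\r\n\r\n",
    "deflate_get":   b"GET / HTTP/1.1\r\n" + H + b"Content-Encoding: deflate\r\n\r\n",
    "garbage":       b"\x16\x03\x01\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:14} -> {'BLOCK' if should_block(raw) else 'allow'}")
```

A blanket rule like this also rejects legitimate clients that compress uploads with deflate, so run it in log-only mode first and confirm nothing in your environment depends on that encoding.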

Security Insight

This vulnerability underscores a recurring pattern in enterprise file-transfer and managed-services software: encoding-handler flaws that require no authentication to exploit. The active exploitation of this crash bug suggests it may be used as a precursor to more damaging attacks, such as service takeover or ransomware deployment. SolarWinds customers should treat this as a proof point that even availability-impact vulnerabilities deserve immediate patching when they appear on the CISA KEV list.
