Cyber Resilience

CVE-2026-28318

Severity: High · CISA KEV · Active Exploitation · DDoS · Updated

Published: 04 June 2026
Modified: 17 June 2026
KEV Added: 05 June 2026
Patch: Serv-U 15.5.4 Hotfix 1
CVSS v3.1: 7.5 (High) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.1066 (95.2nd percentile)
Risk Priority: 100 (floored blend · peak EPSS)

Summary

CVE-2026-28318 is a high-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in SolarWinds Serv-U. Its CVSS v3.1 base score is 7.5 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 4.8% of all CVEs by EPSS exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog.

The strongest mitigations this analysis identified are NIST SP 800-53 SC-5 (Denial-of-Service Protection) and SC-7 (Boundary Protection); SI-10 (Information Input Validation) also applies, since the trigger is a malformed request header.

Deeper analysis

SolarWinds Serv-U is affected by CVE-2026-28318, a denial-of-service vulnerability that allows the service to be crashed by specially crafted unauthenticated POST requests carrying the header Content-Encoding: deflate. The flaw is tracked under CWE-400 (Uncontrolled Resource Consumption) and carries a CVSS v3.1 base score of 7.5, reflecting a network attack vector, low attack complexity, no privileges or user interaction required, and high impact on availability (confidentiality and integrity are unaffected).

An unauthenticated remote attacker exploits the issue by sending such a POST request to the Serv-U HTTP interface over the network. The resulting uncontrolled resource consumption terminates the Serv-U service and disrupts file-transfer operations for legitimate users.
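The request shape described above (an unauthenticated POST whose Content-Encoding header lists deflate) is specific enough to hunt for in logs from whatever sits in front of Serv-U. The following Python is an added example written for this page, not code from the advisory or from SolarWinds. It assumes a reverse proxy in front of Serv-U's HTTP(S) interface that writes one JSON object per request with the fields used below (src, method, path, status, auth, req_headers); those field names, the way the proxy decides that a request is authenticated, and every log line are constructed for the example and are not a real Serv-U or proxy format.

```python
"""Flag request patterns matching the CVE-2026-28318 exploitation profile.

Added illustration, not code from the page or from SolarWinds. It assumes a
reverse proxy in front of Serv-U's HTTP(S) interface that writes one JSON
object per request with the fields used below; the field names and the log
lines are constructed for this example, not a real Serv-U or proxy format.
"""
import json
from collections import Counter
from typing import Iterator

# Constructed sample: a login POST without deflate, an authenticated deflate
# upload, three unauthenticated deflate POSTs from one source (status 0 marks
# a connection that died without a response), a plain GET and a malformed line.
SAMPLE_LOG = """\
{"ts":"2026-06-05T10:00:01Z","src":"203.0.113.7","method":"POST","path":"/","status":200,"auth":false,"req_headers":{"content-type":"application/x-www-form-urlencoded"}}
{"ts":"2026-06-05T10:00:09Z","src":"203.0.113.7","method":"POST","path":"/upload","status":200,"auth":true,"req_headers":{"content-encoding":"deflate"}}
{"ts":"2026-06-05T10:02:40Z","src":"198.51.100.23","method":"POST","path":"/","status":0,"auth":false,"req_headers":{"Content-Encoding":"Deflate"}}
{"ts":"2026-06-05T10:02:41Z","src":"198.51.100.23","method":"POST","path":"/","status":0,"auth":false,"req_headers":{"content-encoding":"gzip, deflate"}}
{"ts":"2026-06-05T10:02:42Z","src":"198.51.100.23","method":"POST","path":"/","status":502,"auth":false,"req_headers":{"content-encoding":"deflate"}}
{"ts":"2026-06-05T10:03:00Z","src":"192.0.2.9","method":"GET","path":"/","status":200,"auth":false,"req_headers":{}}
not json at all
"""


def parse_records(text: str) -> Iterator[dict]:
    """Yield one dict per well-formed JSON line; skip blank or malformed lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def content_encodings(headers: dict) -> set[str]:
    """Content-Encoding tokens, lower-cased. Header names are case-insensitive
    and the value may list several codings ("gzip, deflate")."""
    tokens: set[str] = set()
    for name, value in headers.items():
        if name.lower() == "content-encoding":
            tokens.update(t.strip().lower() for t in str(value).split(",") if t.strip())
    return tokens


def is_suspect(rec: dict) -> bool:
    """Unauthenticated POST carrying Content-Encoding: deflate, the request
    shape the advisory attributes to the crash."""
    return (
        str(rec.get("method", "")).upper() == "POST"
        and not rec.get("auth", False)
        and "deflate" in content_encodings(rec.get("req_headers", {}))
    )


def analyze(text: str) -> dict:
    """Count suspect requests per source. Any source with one or more is
    reported: a legitimate client has no reason to send this shape before
    authenticating. All deflate-encoded requests are also counted so that
    authenticated ones can be reviewed separately."""
    per_src: Counter = Counter()
    deflate_total = 0
    for rec in parse_records(text):
        if "deflate" in content_encodings(rec.get("req_headers", {})):
            deflate_total += 1
        if is_suspect(rec):
            per_src[str(rec.get("src", "?"))] += 1
    return {
        "suspect_by_src": dict(per_src),
        "deflate_requests_total": deflate_total,
        "alert_sources": sorted(per_src),
    }


if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE_LOG), indent=2))
```

Run against the sample, the analysis reports 198.51.100.23 with three suspect requests and four deflate-encoded requests in total; the authenticated upload from 203.0.113.7 is counted but not alerted. Matching on tokens rather than on the raw header string matters: "gzip, deflate" and "Deflate" both satisfy the condition, and a rule that looked only for an exact "deflate" value would miss them.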

SolarWinds has released Serv-U version 15.5.4 Hotfix 1 to address the flaw and published mitigation guidance in its Trust Center for environments that cannot immediately apply the update. The vulnerability also appears in the CISA Known Exploited Vulnerabilities catalog.

EPSS for the CVE is reported at 0.0784 in this analysis and has not materially increased since disclosure; the 0.1066 shown in the header is the peak EPSS value that the Risk Priority blend uses.


Vulnerability details

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps to secure customer environments are provided in the SolarWinds Trust Center for customers who are unable to deploy the update.

CWE(s): CWE-400 Uncontrolled Resource Consumption

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

Unauthenticated remote exploitation of the public-facing Serv-U service (T1190) directly produces an application DoS: the crafted requests cause resource exhaustion and a service crash (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

Affected Assets

SolarWinds Serv-U, versions up to and including 15.5.4 (fixed in 15.5.4 Hotfix 1)

Mitigating Controls (NIST SP 800-53 r5)

SC-5 Denial-of-Service Protection (prevent)

SC-5 directly requires protection against, or limitation of, denial-of-service attacks such as unauthenticated network requests that cause resource exhaustion and a service crash.

SI-10 Information Input Validation (prevent)

SI-10 requires validation of all input, including HTTP headers such as Content-Encoding, so that malformed or malicious POST requests are rejected before they can trigger uncontrolled resource consumption.

SC-7 Boundary Protection (prevent)

SC-7 enables boundary devices (reverse proxies, WAFs, firewalls) to filter or deny specially crafted unauthenticated traffic destined for the Serv-U service before it reaches the application.
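As an added illustration of how SI-10, SC-7 and SC-5 combine for this request profile (example code written for this page, not SolarWinds code and not a description of how Serv-U parses requests), the following Python guard could run in a reverse proxy or pre-processing layer in front of Serv-U's HTTP interface. It rejects the request shape the advisory describes (unauthenticated POST with a deflate coding) and, for deflate bodies it does accept, inflates them under a fixed output cap so that a few kilobytes on the wire cannot turn into unbounded memory use. The 1 MiB cap, the guard and inflate_bounded names, and the sample bodies are assumptions. The advisory does not state whether Serv-U's crash is caused by unbounded inflation, so the cap is the generic CWE-400 safeguard for compressed input, not a statement about the bug's internals.

```python
"""Two preventive controls for the CVE-2026-28318 request profile.

Added example, not SolarWinds code and not a description of Serv-U internals.
A boundary device or pre-processing layer in front of Serv-U could apply:
  1. reject unauthenticated POST requests carrying Content-Encoding: deflate
     (SI-10 input validation, enforced at the SC-7 boundary);
  2. inflate any deflate body it does accept under a hard output cap, so a
     small request cannot drive unbounded memory use (SC-5; the generic
     CWE-400 control for compressed input).
The 1 MiB cap and the sample bodies are assumed values for this example.
"""
import zlib
from dataclasses import dataclass

MAX_INFLATED = 1 << 20  # 1 MiB output cap; an assumed policy value

# Constructed sample bodies: a small legitimate payload and a "bomb" that is
# a few KiB of zlib data but inflates to 8 MiB of zero bytes.
SMALL_BODY = zlib.compress(b"hello serv-u")


def make_bomb(size: int = 8 * MAX_INFLATED) -> bytes:
    return zlib.compress(bytes(size))


@dataclass
class Verdict:
    allowed: bool
    reason: str
    body: bytes = b""  # inflated body when allowed and a deflate coding was present


def content_encodings(headers: dict) -> set[str]:
    """Content-Encoding tokens, lower-cased; names are case-insensitive and the
    value may list several codings ("gzip, deflate")."""
    tokens: set[str] = set()
    for name, value in headers.items():
        if name.lower() == "content-encoding":
            tokens.update(t.strip().lower() for t in value.split(",") if t.strip())
    return tokens


def inflate_bounded(data: bytes, limit: int = MAX_INFLATED) -> bytes:
    """Inflate a zlib-wrapped deflate stream (the HTTP 'deflate' coding) while
    never holding more than limit+1 bytes of output. Raises ValueError on
    oversize, truncated or malformed input. Raw deflate streams, which some
    clients send despite RFC 9110, would need zlib.decompressobj(-zlib.MAX_WBITS).
    """
    d = zlib.decompressobj()
    out = bytearray()
    pending = data
    try:
        # Ask for at most limit+1 bytes per call; input that would produce more
        # output stays in d.unconsumed_tail and is never expanded.
        while pending and len(out) <= limit:
            out += d.decompress(pending, limit + 1 - len(out))
            pending = d.unconsumed_tail
    except zlib.error as exc:
        raise ValueError(f"malformed deflate stream: {exc}") from None
    if len(out) > limit:
        raise ValueError(f"inflated body exceeds {limit} bytes")
    if not d.eof:
        raise ValueError("truncated deflate stream")
    return bytes(out)


def guard(method: str, headers: dict, authenticated: bool, body: bytes) -> Verdict:
    """Apply the two controls to one request. Verdict.body carries the inflated
    payload when a deflate body was accepted, the original body otherwise."""
    encodings = content_encodings(headers)
    if "deflate" not in encodings:
        return Verdict(True, "no deflate coding", body)
    if method.upper() == "POST" and not authenticated:
        return Verdict(False, "unauthenticated POST with Content-Encoding: deflate (CVE-2026-28318 profile)")
    try:
        return Verdict(True, "deflate body inflated within cap", inflate_bounded(body))
    except ValueError as exc:
        return Verdict(False, f"rejected deflate body: {exc}")


if __name__ == "__main__":
    cases = [
        ("POST", {"Content-Encoding": "deflate"}, False, SMALL_BODY),
        ("POST", {"Content-Encoding": "deflate"}, True, SMALL_BODY),
        ("PUT", {"content-encoding": "gzip, deflate"}, True, make_bomb()),
        ("GET", {}, False, b""),
    ]
    for method, headers, authed, body in cases:
        v = guard(method, headers, authed, body)
        print(f"{method:4} auth={authed!s:5} wire={len(body):6} bytes -> "
              f"{'allow' if v.allowed else 'DENY '} ({v.reason})")
```

Running it shows the four verdicts: the unauthenticated deflate POST is denied before any decompression happens, the authenticated small body is inflated and passed through, the bomb is denied once the cap is reached even though it arrived as only a few kilobytes, and the plain GET is untouched. The cap has to bound output rather than input size, which is the point the wire-size column makes.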
