SolarWinds Security Update – 07 June 2026

SolarWinds has released a security update to address a vulnerability affecting SolarWinds Serv-U 15.5.4 and all prior versions.

The vulnerability could allow an unauthenticated attacker to cause a denial of service on the affected system by sending specially crafted POST requests that use Content-Encoding: deflate and crash the Serv-U service.

The addressed vulnerability:

SolarWinds Serv-U Unauthenticated Denial-of-Service Vulnerability (CVE-2026-28318):

  • CVSS: 7.5
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Denial-of-Service

The Cybersecurity and Infrastructure Security Agency (CISA) has warned that CVE-2026-28318 is being actively exploited in the wild.
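Since the trigger is described as unauthenticated POST requests carrying Content-Encoding: deflate, logs from a reverse proxy in front of Serv-U can be searched for that pattern. The following is an added example, not part of the SolarWinds advisory or any SolarWinds code. The nginx-style log format (with the request's Content-Encoding header as a final quoted field), the use of "-" in the user field to mean "no authenticated user", and all sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed format: nginx "combined"-style line with the request's
# Content-Encoding header appended as a last quoted field, e.g.
#   log_format servu '$remote_addr - $remote_user [$time_local] "$request" '
#                    '$status $body_bytes_sent "$http_content_encoding"';
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<enc>[^"]*)"$'
)

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
198.51.100.7 - - [07/Jun/2026:10:00:01 +0000] "POST /login HTTP/1.1" 200 512 "-"
203.0.113.9 - - [07/Jun/2026:10:00:05 +0000] "POST / HTTP/1.1" 502 0 "deflate"
203.0.113.9 - - [07/Jun/2026:10:00:06 +0000] "POST / HTTP/1.1" 502 0 "Deflate"
198.51.100.7 - alice [07/Jun/2026:10:00:09 +0000] "POST /upload HTTP/1.1" 200 64 "deflate"
192.0.2.44 - - [07/Jun/2026:10:00:12 +0000] "GET / HTTP/1.1" 502 0 "-"
192.0.2.45 - - [07/Jun/2026:10:00:15 +0000] "POST /api HTTP/1.1" 200 10 "gzip, deflate"
not a log line
"""

def find_suspect_posts(log_text):
    """Return {ip: [records]} for unauthenticated POSTs sent with deflate encoding."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse instead of failing
        # Content-Encoding may list several codings and is case-insensitive.
        codings = {c.strip().lower() for c in m["enc"].split(",")}
        # Assumption: "-" in the user field means no authenticated user.
        if m["method"] == "POST" and m["user"] == "-" and "deflate" in codings:
            hits[m["ip"]].append(
                {"ts": m["ts"], "path": m["path"], "status": int(m["status"])}
            )
    return dict(hits)

def summarize(hits):
    """Per source: request count and how many got a 5xx (backend possibly down)."""
    return {
        ip: {"posts": len(r), "errors_5xx": sum(x["status"] >= 500 for x in r)}
        for ip, r in hits.items()
    }

if __name__ == "__main__":
    for ip, s in summarize(find_suspect_posts(SAMPLE_LOG)).items():
        print(ip, s)
```

Matches are leads for review rather than proof of exploitation, since legitimate clients may also send deflate-encoded bodies; sources whose matching requests coincide with 5xx responses deserve attention first.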

Vulnerabilities

CVE-2026-28318

Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

SolarWinds Security Update

References