CVE-2026-28318

HighKnown Exploited

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using…

SolarWinds·CWE-400·Published 2026-06-04

CVSS

7.5

EPSS

0.01

KEV

Yes

Exploits

cve.orgen

285 chars

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update

NVDen

285 chars

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	7.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1	Secondary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H