Vulnerability intelligence
CVE-2026-28318
SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update
CVSS Score
7.5
High
EPSS — Exploit Probability
7.8%
Riskier than 92% of all CVEs
Exploitation
Confirmed in the wild
KEV since 2026-06-05
Remediation
Patch available
Federal deadline 2026-06-19
11 articles across 5 outlets · first covered Jun 5, 2026 · latest Jun 8, 2026
Tracked incidents
Coverage timeline
-
Critical flaw in SolarWinds ServU lets attackers drain resourcessecurityonline.info · Jun 8, 2026
-
CISA warns of DoS risk in SolarWinds Serv-U flaw CVE-2026-28318www.securityweek.com · Jun 8, 2026
-
Attackers exploit CVE-2026-28318 and Zip Slip in Collibra Agentsecurityonline.info · Jun 8, 2026
-
Verizon VoLTE flaw CVE-2026-28318 exposes calls to interceptionsecurityonline.info · Jun 8, 2026
-
SolarWinds ServU bug lets attackers drain system resourcessecurityonline.info · Jun 8, 2026
-
Cryptographic Sanctuaries: OpenAI Unveils “Lockdown Mode” to Counter Prompt Injection Riskssecurityonline.info · Jun 7, 2026
-
CISA flags SolarWinds ServU DoS bug CVE-2026-28318 for patchsecurityaffairs.com · Jun 6, 2026
-
CISA Warns of Actively Exploited SolarWinds Serv-U Flawsecurityonline.info · Jun 6, 2026
-
CISA warns of exploited SolarWinds Serv-U flaw, urges patchingwww.cisa.gov · Jun 5, 2026
-
CISA warns of active SolarWinds ServU exploit CVE-2026-28318www.cisa.gov · Jun 5, 2026
-
CISA adds CVE‑2026‑28318 to KEV after SolarWinds ServU attackscisa.gov · Jun 5, 2026