CVE-2026-28318

HIGH KEV

SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability

Title source: cna
STIX 2.1

Exploitation Summary

CVE-2026-28318 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 5, 2026. EIP tracks 4 public exploits from researchers including EaEa0001, BishopFox, jenniferreire26.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2026-28318, a memory corruption vulnerability in SolarWinds Serv-U. The exploit triggers a heap corruption crash by sending a crafted HTTP request with 'Content-Encoding: deflate' to the target server.

Description

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update

Exploits (4)

github WORKING POC 1 stars
by EaEa0001 · pythondos
https://github.com/EaEa0001/servu-cve-2026-28318-poc

This repository contains a functional proof-of-concept exploit for CVE-2026-28318, a memory corruption vulnerability in SolarWinds Serv-U. The exploit triggers a heap corruption crash by sending a crafted HTTP request with 'Content-Encoding: deflate' to the target server.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: SolarWinds Serv-U 15.5.4.108 and earlier versions without Hotfix 1
No auth needed
Prerequisites: Network access to the target Serv-U HTTP/HTTPS management port · Target server running a vulnerable version of Serv-U
devstral-2 · analyzed Jun 10, 2026 Full analysis →
github SCANNER
by BishopFox · pythonpoc
https://github.com/BishopFox/CVE-2026-28318-check

This repository contains a safe, non-destructive scanner for CVE-2026-28318, an unauthenticated denial-of-service vulnerability in SolarWinds Serv-U. The script sends a benign POST request with 'Content-Encoding: identity' to detect the absence of the HF1 patch without triggering the crash.

Classification
Scanner 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: SolarWinds Serv-U <= 15.5.4.108
No auth needed
Prerequisites: Network access to the target Serv-U server
devstral-2 · analyzed Jun 13, 2026 Full analysis →
github SUSPICIOUS
by jenniferreire26 · poc
https://github.com/jenniferreire26/CVE-2026-28318

The repository lacks actual exploit code and instead redirects users to an external download link (tinyurl.com), which is a common tactic for distributing malware or monetizing fake exploits. The README provides minimal technical details about the vulnerability.

Classification
Suspicious 95%
Attack Type
Dos
Complexity
Theoretical
Reliability
Theoretical
Target: SolarWinds Serv-U before 15.5.4 and 15.5.4
No auth needed
Prerequisites: network access to the target SolarWinds Serv-U instance
devstral-2 · analyzed Jun 09, 2026 Full analysis →
github SUSPICIOUS
by johnniebozura31 · poc
https://github.com/johnniebozura31/CVE-2026-28318

The repository lacks actual exploit code and instead redirects users to an external download link (tinyurl.com). The README provides minimal technical details about the vulnerability, focusing on generic descriptions and mitigation steps rather than a technical analysis or functional PoC.

Classification
Suspicious 95%
Attack Type
Dos
Complexity
Theoretical
Reliability
Theoretical
Target: SolarWinds Serv-U before 15.5.4 and 15.5.4
No auth needed
Prerequisites: Network access to the target SolarWinds Serv-U instance
devstral-2 · analyzed Jun 07, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.5
EPSS 0.0626
EPSS Percentile 91.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact partial

Details

CISA KEV 2026-06-05
VulnCheck KEV 2026-06-05
ENISA EUVD EUVD-2026-34268
CWE
CWE-400
Status published
Products (3)
solarwinds/serv-u 15.5.4
solarwinds/serv-u < 15.5.4
SolarWinds/Serv-U 15.5.4 and previous versions
Published Jun 04, 2026
KEV Added Jun 05, 2026
Tracked Since Jun 04, 2026