Exposures › CVE-2026-28318
SolarWinds Serv-U allows unauthenticated service crashes via crafted POST requests with a specific Content-Encoding header.
This vulnerability enables denial-of-service through resource exhaustion without requiring authentication, exposing SolarWinds-managed systems to disruption. DIB organizations must patch immediately to prevent service outages that could compromise sensitive data access or operational continuity.
Shame score — A denial-of-service vulnerability that does not require authentication but still poses significant operational risk to critical infrastructure.
SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication.
No correlated FedRAMP products.