criticalCISA KEVCVE-2026-28318

SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability

SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication.

ProductServ-U
CVSS7.5
EPSS0.10659
UpdatedJuly 9, 2026

Quick answer

SolarWinds Serv-U should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.

Who is affected

Affected versions

  • 15.5.4

Fixed versions

  • Apply the latest vendor-supported patched version.

How to fix it

Upgrade SolarWinds Serv-U to the fixed release or hotfix and restrict file-transfer service exposure. Because Serv-U handles credentials and external file uploads, remediation should include log review, user cleanup, and credential rotation.

  1. Inventory all Serv-U FTP, FTPS, SFTP, and gateway servers, including internet-facing and partner-facing deployments.
  2. Install the SolarWinds fixed Serv-U release or hotfix identified in the vendor advisory.
  3. Restrict Serv-U management and file-transfer access to approved networks, partners, and VPN paths where possible.
  4. Disable unused protocols, anonymous access, legacy ciphers, and unnecessary virtual folders.
  5. Review Serv-U domain users, admin accounts, SSH keys, file permissions, scripts, and event rules for unauthorized changes.
  6. Inspect logs, crash reports, uploaded files, and outbound connections from the vulnerable window.
  7. Rotate Serv-U administrator credentials, user passwords, SSH keys, API credentials, and downstream secrets if compromise is suspected.

Scan now. Google sign-in is only needed to unlock fix guidance.

Verify the fix

  • Confirm the Serv-U version and hotfix level match the SolarWinds fixed guidance.
  • Validate management access is not reachable from untrusted networks.
  • Review Serv-U logs for failed exploit attempts, unexpected logins, file uploads, or rule changes.
  • Test approved FTP/SFTP transfer workflows after the update.
  • Run a Fixnx scan and confirm no public management interface or vulnerable service guidance is exposed.

Related categories

Trusted references

FAQ

What is affected by CVE-2026-28318?

SolarWinds Serv-U versions listed as affected should be reviewed: 15.5.4.

What should I fix first?

Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.

How do I confirm the fix worked?

Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.

Why can this risk appear in multiple categories?

A vulnerability can belong to more than one platform or ecosystem. Fixnx keeps one canonical risk page while also listing it in every relevant category.