SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability
SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication.
Quick answer
SolarWinds Serv-U should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.
Who is affected
Affected versions
- 15.5.4
Fixed versions
- Apply the latest vendor-supported patched version.
How to fix it
Upgrade SolarWinds Serv-U to the fixed release or hotfix and restrict file-transfer service exposure. Because Serv-U handles credentials and external file uploads, remediation should include log review, user cleanup, and credential rotation.
- Inventory all Serv-U FTP, FTPS, SFTP, and gateway servers, including internet-facing and partner-facing deployments.
- Install the SolarWinds fixed Serv-U release or hotfix identified in the vendor advisory.
- Restrict Serv-U management and file-transfer access to approved networks, partners, and VPN paths where possible.
- Disable unused protocols, anonymous access, legacy ciphers, and unnecessary virtual folders.
- Review Serv-U domain users, admin accounts, SSH keys, file permissions, scripts, and event rules for unauthorized changes.
- Inspect logs, crash reports, uploaded files, and outbound connections from the vulnerable window.
- Rotate Serv-U administrator credentials, user passwords, SSH keys, API credentials, and downstream secrets if compromise is suspected.
Scan now. Google sign-in is only needed to unlock fix guidance.
Verify the fix
- Confirm the Serv-U version and hotfix level match the SolarWinds fixed guidance.
- Validate management access is not reachable from untrusted networks.
- Review Serv-U logs for failed exploit attempts, unexpected logins, file uploads, or rule changes.
- Test approved FTP/SFTP transfer workflows after the update.
- Run a Fixnx scan and confirm no public management interface or vulnerable service guidance is exposed.
Related categories
Trusted references
FAQ
What is affected by CVE-2026-28318?
SolarWinds Serv-U versions listed as affected should be reviewed: 15.5.4.
What should I fix first?
Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.
How do I confirm the fix worked?
Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.
Why can this risk appear in multiple categories?
A vulnerability can belong to more than one platform or ecosystem. Fixnx keeps one canonical risk page while also listing it in every relevant category.
