SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication.
[POC] CVE-2026-28318 — servu-cve-2026-28318-poc
SolarWinds Serv-U CVE-2026-28318: unauthenticated Content-Encoding: deflate crash. Root-cause analysis (invalid free of an interior pointer -> heap corruption) + DoS-only PoC. Fixed in 15.5.4 Hotfix 1.
[POC] CVE-2026-28318 — CVE-2026-28318-check
Safely detect whether a SolarWinds Serv-U host is vulnerable to CVE-2026-28318