Zero-Day Alert: SolarWinds Serv-U Denial-of-Service Vulnerability CVE-2026-28318

Good day everyone!

SolarWinds has disclosed an actively exploited zero-day affecting SolarWinds Serv-U. The vulnerability has been patched in an updated Serv-U release, and organizations are strongly advised to ensure their systems are running the latest fixed version. They should also review the exposure of internet-facing Serv-U deployments, which remain relevant in the active threat landscape.


CVE-2026-28318 – Denial-of-Service Vulnerability

CVSS Score: 7.5
Impact: Denial of Service
Affected Component: SolarWinds Serv-U

According to SolarWinds, the vulnerability could allow an unauthenticated attacker to cause the Serv-U service to crash by sending specially crafted requests. To patch this vulnerability, upgrade SolarWinds Serv-U to the latest fixed version provided by the vendor.


Mitigation Steps:

  • Limit access to known or trusted addresses wherever possible.

  • Block any POST request containing the “content-encoding” header, as this functionality is not required by the service.
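
The two mitigation steps above, expressed as a request-filter decision. This is an added example, not code from SolarWinds or from the original post; the allowlist ranges, host name, sample requests and function names are constructed for illustration.

```python
import ipaddress

# Constructed allowlist (documentation ranges); replace with your trusted networks.
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]

def parse_request_head(raw: bytes):
    """Return (method, set of lower-cased header names) from a raw request head."""
    head = raw.replace(b"\r\n", b"\n").split(b"\n\n", 1)[0].decode("latin-1")
    lines = head.split("\n")
    method = lines[0].split(" ", 1)[0].upper()  # normalised so the match ignores case
    names = set()
    for line in lines[1:]:
        if line[:1] in (" ", "\t"):
            continue  # folded continuation of the previous header's value
        name, sep, _value = line.partition(":")
        if sep:
            names.add(name.strip().lower())  # header names are case-insensitive
    return method, names

def decide(source_ip: str, raw_request: bytes, trusted=TRUSTED_NETWORKS) -> str:
    """Apply both mitigation steps; return 'allow' or 'deny:<reason>'."""
    addr = ipaddress.ip_address(source_ip)
    # Step 1: only known or trusted source addresses may reach the service.
    if not any(addr in net for net in trusted):
        return "deny:untrusted-source"
    # Step 2: drop any POST that carries a Content-Encoding header, whatever its value.
    method, names = parse_request_head(raw_request)
    if method == "POST" and "content-encoding" in names:
        return "deny:post-with-content-encoding"
    return "allow"

# Constructed sample requests, not captured traffic.
GET_REQ = b"GET / HTTP/1.1\r\nHost: sftp.example.test\r\n\r\n"
POST_PLAIN = b"POST / HTTP/1.1\r\nHost: sftp.example.test\r\nContent-Length: 0\r\n\r\n"
POST_ENCODED = b"POST / HTTP/1.1\r\nHost: sftp.example.test\r\nCONTENT-Encoding : gzip\r\n\r\n"

if __name__ == "__main__":
    cases = [("192.0.2.10", GET_REQ), ("192.0.2.10", POST_PLAIN),
             ("192.0.2.10", POST_ENCODED), ("198.51.100.7", GET_REQ)]
    for ip, req in cases:
        print(ip, req.split(b"\r\n")[0].decode(), "->", decide(ip, req))
```

In a deployment, the same two checks belong in the firewall, reverse proxy or WAF in front of Serv-U, and they complement the upgrade rather than replace it.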


Regards,
The ManageEngine Team
