Zero-Day Alert: SolarWinds Serv-U Denial-of-Service Vulnerability CVE-2026-28318

Zero-Day Alert: SolarWinds Serv-U Denial-of-Service Vulnerability CVE-2026-28318

Good day everyone !


SolarWinds has disclosed an actively exploited zero-day affecting SolarWinds Serv-U. The vulnerability has been patched in an updated Serv-U release, and organizations are strongly advised to ensure systems are running the latest fixed version. They should also review exposure to internet-facing Serv-U deployments that remain relevant in active threat landscapes.


CVE-2026-28318 – Denial-of-Service Vulnerability

CVSS Score: 7.5
Impact: Denial of Service
Affected Component: SolarWinds Serv-U

According to SolarWinds, the vulnerability could allow an unauthenticated attacker to cause the Serv-U service to crash by sending specially crafted requests. To patch this vulnerability, upgrade SolarWinds Serv-U to the latest fixed version provided by the vendor.


Mitigation Steps:

  • Limit access to known or trusted addresses wherever possible.

  • Block any POST request containing the “content-encoding” header, as this functionality is not required by the service.


Regards,
The ManageEngine Team


              New to M365 Manager Plus?
              New to M365 Manager Plus?
                New to RecoveryManager Plus?
                New to RecoveryManager Plus?
                  New to Exchange Reporter Plus?
                  New to Exchange Reporter Plus?
                    New to SharePoint Manager Plus?
                    New to SharePoint Manager Plus?
                      See all integrations
                      New to ADManager Plus?
                      See all integrations
                      New to ADManager Plus?

                        New to ADSelfService Plus?

                        Start your free trial
                        Start your free trial
                          Related Products