Exploit for Uncontrolled Resource Consumption in Solarwinds Serv-U

CVE-2026-28318 — SolarWinds Serv-U "Content-Encoding: deflate"...

SolarWinds Serv-U 15.5.0 < 15.5.5

The version of SolarWinds Serv-U installed on the remote host is prior to 15.5.4 HF1. It is, therefore, affected by a vulnerability as referenced in the solarwindsserv-u1554hf1 advisory. - SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without...

CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability, tracked as...

VulnCheck KEV: CVE-2026-28318

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update...

SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability

SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication...

CVE-2026-28318 SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update...

PT-2026-46239

Name of the Vulnerable Software and Affected Versions SolarWinds Serv-U versions prior to 15.5.4 Hotfix 1 Description SolarWinds Serv-U is susceptible to uncontrolled resource consumption when processing compressed HTTP request bodies. An unauthenticated remote attacker can trigger a...

PT-2023-4106 · Cisco · Cisco Secure Web Appliance +1

Name of the Vulnerable Software and Affected Versions: Cisco Secure Web Appliance versions affected versions not specified Description: The issue is related to a flaw in the scanning mechanism of Cisco AsyncOS for Cisco Secure Web Appliance, specifically concerning inadequate access control. This...