CVE-2026-28318

Known Exploited (CISA KEV)HIGH

8.5

CVSS Severity Score

EPSS Score31.2180%

EPSS Percentile95.08th

PublishedJun 5, 2026

Last ModifiedJun 12, 2026

Vulnerability Description

SolarWinds Serv-U is vulnerable to SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Platforms (CPE)

📦

SolarWinds

Serv-U

Refer to description

Related Vulnerabilities

CVE-2004-033010.0

Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argu...

CVE-2019-1302010.0

The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse....

CVE-2004-041810.0

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow ...

CVE-2004-253210.0

Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute ...