—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Denial of Service Vulnerability in SolarWinds Serv-U

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

SolarWinds Serv-U 15.5.4

Overview

A vulnerability has been reported in SolarWinds Serv-U which could be exploited by an attacker to cause denial of service attack on the targeted system.

Target Audience:

All organizations and individuals using SolarWinds products.

 

Risk Assessment:

Critical risks of service disruption.

Impact Assessment:

Potential for disruption of service, system compromise.

Description

SolarWinds Serv-U is an FTP server solution for secure, automated, and centralized file transfers, supporting FTP, FTPS, SFTP, and HTTP/S, as well as remote management and optional web-based file transfer access in the Managed File Transfer (MFT) edition.

This vulnerability exists in SolarWinds Serv-U due to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate.

Successful exploitation of this vulnerability could allow an attacker to cause denial of service attack on the targeted system.

Solution

Apply appropriate updates as mentioned by the vendor:

http://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-4-hotfix-1_release_notes.htm

Vendor Information

SolarWinds

http://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-4-hotfix-1_release_notes.htm

References

SolarWinds

http://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-4-hotfix-1_release_notes.htm

CVE Name

CVE-2026-28318

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmooLX0ACgkQ3jCgcSdc

ys+PzQ/+OmfvmsJtS2So3mGpPSgBmf/zwURQiyLGkTKCNdENKmWRHA4VBM1oGpI0

eCI56nZgB9KNu9V3ouE4fkWX9CCOe+HeAQ+cFQVJR3+vh409KS0RNeVCHId770kH

b/bENf7XzRa/sUL2S/bfM5QyO44SkwqqnQGTB0wsEefcrylzNAdNx+5hkXDmh5nI

DkPmC3ohDqKhhAoZI0EJPKOOWPhE4/uc8b5teFBuc07jteVCoAXfU9vLfKtEl0NN

lARXNMh2L0MxOqwKcbuwdMdY0C/0hdFaR7mJuPHtCmaEur4T66xykVbSrN9F65zP

yVWr2vZxe1H3W3kyjHQVPlN0OOczsrwQ1CTAJ3+wTqJI2KvUnOB2QbSY7EcovB4B

iYaNl7oxZ8MffRccmA0VTHFqHaPo0NvxuOBW+0e7F9M4TUODQQJuArRP5oyDSIWk

CxFrhpeG+HTa3SF0uLzmmQPkzwPu4UsiaxU8+jl+dskDiHAYhsktJ35E7SMjzuHI

DRnqpkHJZAqyYcLH8cXe2VMa73c0awen2vRz9PySV1ui4/Ej11oxw07kvRcpHa5k

B9PonuezczG1a39WGB5cV6J570w7c0Qsci12CmE4kZ6JJ8h9RkkTQEQw88gkSEO6

eV5wuBYKilas937IKRIl3h9BypO8/uIJv8bNwQMiXpDKlE4zPbQ=

=Bh5M

—–END PGP SIGNATURE—–