PatchSiren

CVE-2026-28318 SolarWinds CVE debrief

CVE-2026-28318 is a HIGH severity vulnerability in SolarWinds Serv-U, classified as Uncontrolled Resource Consumption with a CVSS score of 7.5. It was published on 2026-06-05 and added to the CISA Known Exploited Vulnerabilities catalog on the same day, with a due date for mitigations of 2026-06-19.

Vendor: SolarWinds
Product: Serv-U
CVSS: HIGH 7.5
CISA KEV: Listed
Original CVE published: 2026-06-05
Original CVE updated: 2026-06-05
Advisory published: 2026-06-05
Advisory updated: 2026-06-05

Who should care

Administrators and users of SolarWinds Serv-U are advised to apply mitigations per vendor instructions or follow applicable BOD 22-01 guidance for cloud services. If mitigations are unavailable, discontinuing use of the product is recommended.

Technical summary

CVE-2026-28318 affects SolarWinds Serv-U. It is an Uncontrolled Resource Consumption vulnerability, which can lead to a denial-of-service (DoS) condition. Its CVSS score of 7.5 indicates HIGH severity.

Defensive priority

HIGH

Recommended defensive actions

  • Apply mitigations per vendor instructions.
  • Follow applicable BOD 22-01 guidance for cloud services.
  • Discontinue use of the product if mitigations are unavailable.

Evidence notes

The CISA Known Exploited Vulnerabilities catalog provides guidance on this vulnerability, including recommended actions and a due date for mitigations.

Official resources

CVE-2026-28318 was published on 2026-06-05. The vulnerability affects SolarWinds Serv-U and is classified as Uncontrolled Resource Consumption.