[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-28318":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T14:55:36.164Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":86,"aliases":87,"duplicate_of":9,"upstream":88,"downstream":89,"duplicates":90,"related":91,"reserved_at":9,"published_at":92,"modified_at":93,"state":94,"summary":95,"references_raw":106,"kevs":124,"epss":135,"epss_history":138,"metrics":143,"affected":151},"CVE-2026-28318","SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-400","Uncontrolled Resource Consumption","The product does not properly control the allocation and maintenance of a limited resource.","weakness","Draft","Class","High",[20,24,82],{"id":21,"name":22,"techniques":23},"CAPEC-147","XML Ping of the Death",[],{"id":25,"name":26,"techniques":27},"CAPEC-227","Sustained Client Engagement",[28],{"id":29,"name":30,"tactics":31,"countermeasures":35},"T1499","Endpoint Denial of Service",[32],{"id":33,"name":34},"TA0105","Impact",[36,41,45,49,53,57,61,65,69,73,78],{"id":37,"name":38,"tactic":39},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":40},"Detect",{"id":42,"name":43,"tactic":44},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":40},{"id":46,"name":47,"tactic":48},"D3-CSPP","Client-server Payload Profiling",{"name":40},{"id":50,"name":51,"tactic":52},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":40},{"id":54,"name":55,"tactic":56},"D3-NTSA","Network Traffic Signature Analysis",{"name":40},{"id":58,"name":59,"tactic":60},"D3-APCA","Application Protocol Command Analysis",{"name":40},{"id":62,"name":63,"tactic":64},"D3-NTCD","Network Traffic Community Deviation",{"name":40},{"id":66,"name":67,"tactic":68},"D3-RTSD","Remote Terminal Session Detection",{"name":40},{"id":70,"name":71,"tactic":72},"D3-ISVA","Inbound Session Volume Analysis",{"name":40},{"id":74,"name":75,"tactic":76},"D3-NTF","Network Traffic Filtering",{"name":77},"Isolate",{"id":79,"name":80,"tactic":81},"D3-ITF","Inbound Traffic Filtering",{"name":77},{"id":83,"name":84,"techniques":85},"CAPEC-492","Regular Expression Exponential Blowup",[],[],[],[],[],[],[],"2026-06-04T14:05:58.218Z","2026-06-06T03:55:57.072Z","Analyzed",{"cisa_kev":96,"cisa_ransomware":97,"cisa_vendor":98,"epss_severity":99,"epss_score":100,"severity":101,"severity_score":102,"severity_version":103,"severity_source":104,"severity_vector":105,"severity_status":94},true,false,"SolarWinds","low",0.05318,"high",7.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[107,113,118],{"url":108,"sources":109,"tags":111},"https://www.solarwinds.com/trust-center/security-advisories/CVE-2026-28318",[104,110],"nvd",[112],"Vendor Advisory",{"url":114,"sources":115,"tags":116},"https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-4-hotfix-1_release_notes.htm",[104,110],[117],"Release Notes",{"url":119,"sources":120,"tags":121},"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-28318",[104,110],[122,123],"Government Resource","US Government Resource",[125],{"source":126,"vendor":98,"product":127,"date_added":128,"vulnerability_name":129,"short_description":130,"required_action":131,"due_date":132,"known_ransomware_campaign_use":133,"notes":134,"exploitation_type":9},"cisa","Serv-U","2026-06-05","SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability","SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication.","Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","2026-06-19","Unknown","https://www.solarwinds.com/trust-center/security-advisories/cve-2026-28318 ; https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-4-hotfix-1_release_notes.htm#link7 ; https://nvd.nist.gov/vuln/detail/CVE-2026-28318",{"date":136,"score":100,"percentile":137},"2026-06-06",0.90225,[139,142],{"date":128,"score":140,"percentile":141},0.00062,0.1965,{"date":136,"score":100,"percentile":137},[144,149],{"source":104,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":145,"cvss_v4_0":9},{"baseScore":102,"baseSeverity":146,"vectorString":105,"impactScore":147,"exploitabilityScore":148},"HIGH",6,10,{"source":110,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":150,"cvss_v4_0":9},{"baseScore":102,"baseSeverity":146,"vectorString":105,"impactScore":147,"exploitabilityScore":148},[152],{"ecosystem":9,"name":127,"vendor":153,"product":154,"cpe_part":155,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":156},"solarwinds","serv-u","a",[157,162,163],{"version":158,"is_range":96,"range_type":159,"version_start":9,"version_start_type":9,"version_end":160,"version_end_type":161,"fixed_in":9},"lt15.5.4","cpe","15.5.4","excluding",{"version":160,"is_range":97,"range_type":159,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":164,"is_range":97,"range_type":104,"version_start":164,"version_start_type":165,"version_end":164,"version_end_type":165,"fixed_in":9},"15.5.4 and previous versions","including"]