Lyrie
CVSS 7.5 · Actively Exploited · 4 sources verified
By Lyrie Threat Intelligence · 6/4/2026

HIGH: CVE-2026-28318 actively exploited — SolarWinds Serv-U

CVE: CVE-2026-28318

CVSS: 7.5 (3.1) — CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: HIGH

Status: ✅ Confirmed exploited in the wild (CISA KEV)

Affected

  • SolarWinds Serv-U

Summary

SolarWinds Serv-U is susceptible to specially crafted POST requests using Content-Encoding: deflate that crash the Serv-U service without authentication. If you are unable to deploy the update, mitigation steps for securing customer environments are provided in the SolarWinds Trust Center.
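
A hunting check for the behaviour described above, added here as an example (it is not SolarWinds or Lyrie code): it flags every POST sent with Content-Encoding: deflate in front-end proxy logs and records whether upstream failures followed. The log format, the ce field, the 30-second window and the sample lines are assumptions constructed for illustration; the page does not describe the crafted request, so legitimate deflate uploads are flagged too.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in a hypothetical proxy log format; the ce="..." field
# (request Content-Encoding) is an assumption and is absent from most defaults.
SAMPLE_LOG = """\
2026-06-04T10:00:01Z 198.51.100.7 POST / 200 ce="gzip"
2026-06-04T10:00:05Z 192.0.2.10 POST / 200 ce="Deflate"
2026-06-04T10:05:00Z 203.0.113.9 POST / 502 ce="deflate"
2026-06-04T10:05:04Z 198.51.100.7 GET / 503 ce=""
not a log line
"""

LINE = re.compile(r'(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) \S+ '
                  r'(?P<status>\d{3}) ce="(?P<ce>[^"]*)"')
UPSTREAM_DOWN = {502, 503, 504}   # proxy could not reach the backend
WINDOW = timedelta(seconds=30)    # how long after the POST to look for an outage

def parse(log_text):
    """Return parsed events sorted by time; malformed lines are skipped."""
    events = []
    for raw in log_text.splitlines():
        m = LINE.fullmatch(raw.strip())
        if m:
            events.append({
                "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
                "src": m["src"], "method": m["method"],
                "status": int(m["status"]),
                # Content-coding names are case-insensitive and may be a list.
                "ce": [t.strip().lower() for t in m["ce"].split(",")],
            })
    return sorted(events, key=lambda e: e["ts"])

def find_candidates(log_text):
    """List (source, time, outage_followed) for each POST sent with deflate."""
    events = parse(log_text)
    findings = []
    for i, ev in enumerate(events):
        if ev["method"] != "POST" or "deflate" not in ev["ce"]:
            continue
        # The request itself or anything within WINDOW failing upstream
        # suggests the service stopped answering after this POST.
        outage = any(e["status"] in UPSTREAM_DOWN
                     for e in events[i:] if e["ts"] - ev["ts"] <= WINDOW)
        findings.append((ev["src"], ev["ts"].isoformat(), outage))
    return findings

if __name__ == "__main__":
    print(find_candidates(SAMPLE_LOG))
```
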

References

  • https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-4-hotfix-1_release_notes.htm
  • https://www.solarwinds.com/trust-center/security-advisories/CVE-2026-28318

_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. No speculation._

Lyrie Verdict

Lyrie's autonomous detection layer catches active exploitation primitives at machine speed — closing the gap between disclosure and weaponization that traditional defense simply can't cover.

Validated sources

  1. NVD
  2. GitHub Advisory
  3. MITRE
  4. CISA KEV