SolarWinds security advisory (AV26-549)
Analysis Summary
# Vulnerability: SolarWinds Serv-U and Web Help Desk Denial-of-Service
## CVE Details
**Vulnerability 1:**
- CVE ID: CVE-2026-28299
- CVSS Score: Not specified in advisory (Typically Medium/High for DoS)
- CWE: Resource Exhaustion / Denial of Service
**Vulnerability 2:**
- CVE ID: CVE-2026-28318
- CVSS Score: Not specified in advisory (Typically Medium/High for DoS)
- CWE: Improper Handling of Insufficient Permissions or Unauthenticated Request (DoS)
## Affected Systems
- **Products:**
  - SolarWinds Serv-U
  - SolarWinds Web Help Desk
- **Versions:**
  - Serv-U: Versions prior to 15.5.4 HF1
  - Web Help Desk: Versions prior to 2026.2
- **Configurations:** Default installations facing the network/internet are at primary risk.
## Vulnerability Description
- **CVE-2026-28299 (Web Help Desk):** A flaw in the Web Help Desk application that allows an attacker to trigger a Denial-of-Service (DoS) condition, potentially by overwhelming the application's processing capabilities or exhausting system resources.
- **CVE-2026-28318 (Serv-U):** An unauthenticated Denial-of-Service vulnerability. This flaw allows a remote attacker to crash the Serv-U service or render it unavailable without requiring valid credentials, significantly impacting service availability.
## Exploitation
- **Status:** Not specified as exploited in the wild; PoC status unknown.
- **Complexity:** Low (unauthenticated access for Serv-U).
- **Attack Vector:** Network.
## Impact
- **Confidentiality:** None.
- **Integrity:** None.
- **Availability:** High (Service disruption/unavailability).
## Remediation
### Patches
SolarWinds recommends upgrading to the following versions:
- **SolarWinds Serv-U:** Upgrade to version **15.5.4 HF1** or later.
- **SolarWinds Web Help Desk:** Upgrade to version **2026.2** or later.
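To turn the fixed versions above into a patch list, the following added example (not part of the advisory or any SolarWinds tooling) compares installed version strings against them, including the hotfix suffix. It assumes versions are reported in the same form the advisory uses (`15.5.4 HF1`, `2026.2`); the inventory rows and hostnames are constructed.

```python
import re

# Fixed releases as stated in the advisory summary above.
FIXED = {"serv-u": "15.5.4 HF1", "web help desk": "2026.2"}
_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)(?:\s*HF\s*(\d+))?\s*$", re.I)


def parse_version(text, width=4):
    """Return (zero-padded numeric parts, hotfix number); hotfix 0 means none."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (width - len(parts))), int(m.group(2) or 0)


def needs_upgrade(product, installed):
    """True when the installed version is older than the fixed release."""
    return parse_version(installed) < parse_version(FIXED[product.lower()])


def triage(inventory):
    """Split inventory rows into hosts to patch and hosts needing manual review."""
    to_patch, unknown = [], []
    for host, product, version in inventory:
        try:
            if needs_upgrade(product, version):
                to_patch.append(host)
        except (KeyError, ValueError):
            unknown.append(host)  # unparseable: review by hand, do not assume safe
    return to_patch, unknown


# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("ftp01", "Serv-U", "15.5.4"),         # same release, hotfix missing
    ("ftp02", "Serv-U", "15.5.4 HF1"),
    ("ftp03", "Serv-U", "15.5.3 HF2"),     # older release, higher hotfix number
    ("whd01", "Web Help Desk", "2026.1"),
    ("whd02", "Web Help Desk", "2026.2"),
    ("whd03", "Web Help Desk", "unknown"),
]

if __name__ == "__main__":
    print(triage(INVENTORY))
```

Hosts whose version cannot be parsed are returned separately so they are checked by hand rather than silently treated as patched.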
### Workarounds
- No specific workarounds provided. Immediate patching is the recommended course of action.
- Restrict access to the management interfaces of these products to authorized IP addresses only.
## Detection
- Monitor for unexpected service restarts or crashes in Serv-U and Web Help Desk logs.
- Utilize network intrusion detection systems (IDS) to monitor for high-frequency requests or abnormal packet structures targeting these services.
## References
- SolarWinds Trust Center: hxxps[://]www[.]solarwinds[.]com/trust-center/security-advisories
- CVE-2026-28299 Advisory: hxxps[://]www[.]solarwinds[.]com/trust-center/security-advisories/cve-2026-28299
- CVE-2026-28318 Advisory: hxxps[://]www[.]solarwinds[.]com/trust-center/security-advisories/cve-2026-28318
- Canadian Centre for Cyber Security Alert: hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/solarwinds-security-advisory-av26-549