=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN612
_____________________________________________________________________

DATE                : 10/06/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running SolarWinds Serv-U versions prior
                                 to 15.5.4 Hotfix 1.

=====================================================================
https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-4-hotfix-1_release_notes.htm
_____________________________________________________________________

Serv-U 15.5.4 Hotfix 1 release notes

Release date: June 4, 2026

Here's what's new in Serv-U 15.5.4 Hotfix 1. You can find the
applicable system requirements here.

To view release notes, system requirements, and product guide PDFs for
supported versions of Serv-U, see Serv-U previous versions. To view
release notes for multiple versions and multiple SolarWinds Platform
products on a single page, see the release notes aggregator.

    Attention Serv-U customers
    New features and improvements in Serv-U
    Fixed CVEs
    SolarWinds CVEs
    Installation instructions
    Result
    Uninstallation instructions
    End of life
    Legal notices

Attention Serv-U customers

Serv-U 15.5.4 Hotfix 1 provides bugfixes related to CVE-2026-28318.
For information about the 15.5.4 release, see the Serv-U 15.5.4
release notes.

Customers who downloaded and installed Serv-U 15.5.4 should also
download and install Serv-U 15.5.4 Hotfix 1.


New features and improvements in Serv-U

There were no features or improvements added for Serv-U in this
release.


Fixed CVEs

At SolarWinds, we prioritize the swift resolution of CVEs to ensure
the security and integrity of our software. In this release, we
have successfully addressed the following CVEs.

SolarWinds CVEs

SolarWinds would like to thank our Security Researchers below for
reporting on the issue in a responsible manner and working with our
security, product, and engineering teams to fix the vulnerability.


CVE-ID              : CVE-2026-28318
Vulnerability Title : SolarWinds Serv-U Unauthenticated Denial of Service
                      Vulnerability
Description         : SolarWinds Serv-U is susceptible to specially crafted
                      POST requests that crash the Serv-U service without
                      authentication using Content-Encoding: deflate.
                      Mitigation steps are provided to secure customer
                      environments in the SolarWinds Trust Center if you are
                      unable to deploy the update.
Severity            : 7.5 High
Credit              :

Installation instructions

As you install this hotfix, take note of the files you add, remove,
replace, or modify for your future reference should you decide to
uninstall this hotfix at any point.

    Shut down all running Serv-U processes.

        Right-click the tray icon and select Stop Serv-U.

        Right-click the tray icon and select Exit Tray.

    Back up the following files:

    Windows OS

        <Serv-U-InstallDir>\Serv-U.exe

        <Serv-U-InstallDir>\Serv-U-Tray.exe

        <Serv-U-InstallDir>\Serv-U.dll

        <Serv-U-InstallDir>\Serv-U-RES.dll

        <Serv-U-InstallDir>\RhinoNET.dll

        <Serv-U-InstallDir>\RhinoRES.dll

        <Serv-U-InstallDir>\Strings\Serv-U.str

        <Serv-U-InstallDir>\Strings\Serv-U-Strings.h

     

    Linux OS:

        <Serv-U-InstallDir>/Serv-U

        <Serv-U-InstallDir>/Strings/Serv-U.str

        <Serv-U-InstallDir>/Strings/Serv-U-Strings.h

    Extract the hotfix archive to a temporary location.

    Open the folder for the platform on which Serv-U is installed.
    For example, open the Linux/64-bit folder if Serv-U is
    installed on a 64-bit version of Linux.

    On Linux, modify the permissions of the file by executing
    the following command:

    chmod u+xs Serv-U

    Copy the contents of this folder to your Serv-U installation directory.

    The default installation directory <Serv-U InstallDir> in Windows is:
    C:\Program Files\RhinoSoft\Serv-U

    The default installation directory <Serv-U InstallDir> in Linux is:
    /usr/local/Serv-U

    Start the Serv-U Tray application.

    Right-click the Serv-U Tray icon and select Start Serv-U.
    The hotfix is installed.
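
The Linux backup and permission steps above as shell functions, added here as an example and not part of the SolarWinds notes: they copy the three listed files with a SHA-256 manifest, report which files the hotfix changed, and check that the binary still carries the setuid bit set by chmod u+xs. The function names, the MANIFEST.sha256 file name and the backup path in the usage comment are assumptions of this example, which also assumes GNU coreutils (sha256sum).

```shell
#!/bin/sh
# Added example. Linux files named in the hotfix notes, relative to the install dir.
SERVU_FILES="Serv-U Strings/Serv-U.str Strings/Serv-U-Strings.h"

# servu_backup INSTALL_DIR BACKUP_DIR
# Copies each listed file (mode and timestamps preserved) and records a
# SHA-256 manifest of the pre-hotfix state for future reference.
servu_backup() {
    install_dir=$1; backup_dir=$2
    mkdir -p "$backup_dir/Strings" || return 1
    : > "$backup_dir/MANIFEST.sha256"
    for f in $SERVU_FILES; do
        [ -f "$install_dir/$f" ] || { echo "missing: $install_dir/$f" >&2; return 1; }
        cp -p "$install_dir/$f" "$backup_dir/$f" || return 1
        (cd "$install_dir" && sha256sum "$f") >> "$backup_dir/MANIFEST.sha256" || return 1
    done
}

# servu_changed INSTALL_DIR BACKUP_DIR
# Prints each listed file whose content now differs from its backup copy,
# i.e. what the hotfix actually replaced.
servu_changed() {
    for f in $SERVU_FILES; do
        cmp -s "$1/$f" "$2/$f" || echo "$f"
    done
}

# servu_check_mode INSTALL_DIR
# Succeeds only if the binary has the setuid bit and is executable by the
# caller. Copying without preserving the mode can lose the setuid bit.
servu_check_mode() {
    [ -u "$1/Serv-U" ] && [ -x "$1/Serv-U" ]
}

# servu_backup_intact BACKUP_DIR
# Before a rollback, confirms the backup copies still match the manifest.
servu_backup_intact() {
    (cd "$1" && sha256sum -c MANIFEST.sha256 >/dev/null 2>&1)
}

# Usage (backup path is a constructed example):
#   servu_backup /usr/local/Serv-U /root/servu-backup
#   ... install the hotfix ...
#   servu_changed /usr/local/Serv-U /root/servu-backup
#   servu_check_mode /usr/local/Serv-U || echo "setuid bit missing on Serv-U"
```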


Result

An attacker can no longer crash the Serv-U service by sending a
simple request to the server with Content-Encoding: deflate and
some data.


Uninstallation instructions

    Shut down all running Serv-U processes.

        Right-click the tray icon and select Stop Serv-U.

        Right-click the tray icon and select Exit Tray.

    Replace the following files with the ones you backed up during
    installation:

    Windows OS

        <Serv-U-InstallDir>\Serv-U.exe

        <Serv-U-InstallDir>\Serv-U-Tray.exe

        <Serv-U-InstallDir>\Serv-U.dll

        <Serv-U-InstallDir>\Serv-U-RES.dll

        <Serv-U-InstallDir>\RhinoNET.dll

        <Serv-U-InstallDir>\RhinoRES.dll

        <Serv-U-InstallDir>\Strings\Serv-U.str

        <Serv-U-InstallDir>\Strings\Serv-U-Strings.h

     

    Linux OS:

        <Serv-U-InstallDir>/Serv-U

        <Serv-U-InstallDir>/Strings/Serv-U.str

        <Serv-U-InstallDir>/Strings/Serv-U-Strings.h

    Start the Serv-U Tray application.

    Right-click the Serv-U Tray icon and select Start Serv-U.
    The hotfix is uninstalled.

For more information, contact Technical Support at
https://customerportal.solarwinds.com/support/submit-a-ticket.


End of life

Version    EoL announcement   EoE effective date   EoL effective date

15.5.1

    November 18, 2025: End-of-Life (EoL) announcement – Customers
    on Serv-U version 15.5.1 or earlier should begin transitioning to
    the latest version of Serv-U.

    February 18, 2026: End-of-Engineering (EoE) – Service releases,
    bug fixes, workarounds, and service packs for Serv-U version 15.5.1
    or earlier will no longer actively be supported by SolarWinds.

    November 18, 2026: End-of-Life (EoL) – SolarWinds will no longer
    provide technical support for Serv-U version 15.5.1.

15.5

    July 8, 2025: End-of-Life (EoL) announcement – Customers on
    Serv-U version 15.5 or earlier should begin transitioning to the
    latest version of Serv-U.

    October 8, 2025: End-of-Engineering (EoE) – Service releases, bug
    fixes, workarounds, and service packs for Serv-U version 15.5 or
    earlier will no longer actively be supported by SolarWinds.

    October 8, 2026: End-of-Life (EoL) – SolarWinds will no longer
    provide technical support for Serv-U version 15.5.

15.4.2

    April 15, 2025: End-of-Life (EoL) announcement – Customers
    on Serv-U version 15.4.2 or earlier should begin transitioning to
    the latest version of Serv-U.

    July 15, 2025: End-of-Engineering (EoE) – Service releases, bug
    fixes, workarounds, and service packs for Serv-U version 15.4.2 or
    earlier will no longer actively be supported by SolarWinds.

    July 15, 2026: End-of-Life (EoL) – SolarWinds will no longer provide
    technical support for Serv-U version 15.4.2.

See the End of Life Policy for information about SolarWinds product
life cycle phases. To see EoL dates for earlier Serv-U versions,
see Serv-U release history.


Legal notices

© 2026 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified,
decompiled, disassembled, published or distributed, in whole or
in part, or translated to any electronic medium or other means
without the prior written consent of SolarWinds. All right,
title, and interest in and to the software, services, and
documentation are and shall remain the exclusive property of
SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS,
EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION,
INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY,
COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN.
IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS
BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR
ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF
THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks
are the exclusive property of SolarWinds Worldwide, LLC or its
affiliates, are registered with the U.S. Patent and Trademark
Office, and may be registered or pending registration in other
countries. All other SolarWinds trademarks, service marks, and
logos may be common law marks or are registered or pending
registration. All other trademarks mentioned herein are used
for identification purposes only and are trademarks of (and may
be registered trademarks of) their respective companies.

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




