Unrated severityCISA KEVNVD Advisory· Published Jul 14, 2021· Updated Oct 21, 2025
Serv-U Remote Memory Escape Vulnerability
CVE-2021-35211
Description
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- SolarWinds/Serv-U Managed File Transfer Server and Serv-U Secured FTPv5Range: SolarWinds Serv-U
Patches
Vulnerability mechanics
References
2News mentions
2- CISA: Patch actively exploited SolarWinds Serv-U DoS vulnerability (CVE-2026-28318)Help Net Security · Jun 8, 2026
- CISA: Hackers now exploit SolarWinds Serv-U flaw to crash serversBleepingComputer · Jun 5, 2026