Unrated severityCISA KEVNVD Advisory· Published Jun 6, 2024· Updated Oct 21, 2025
SolarWinds Serv-U L Directory Transversal Vulnerability
CVE-2024-28995
Description
SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- SolarWinds/SolarWinds Serv-Uv5Range: 15.4.2 HF 1 and previous versions
Patches
Vulnerability mechanics
References
1- www.solarwinds.com/trust-center/security-advisories/CVE-2024-28995mitrevendor-advisory
News mentions
2- CISA: Patch actively exploited SolarWinds Serv-U DoS vulnerability (CVE-2026-28318)Help Net Security · Jun 8, 2026
- CISA: Hackers now exploit SolarWinds Serv-U flaw to crash serversBleepingComputer · Jun 5, 2026