Skip to content
Threat Feed

Vendor

SAP SE

4 briefs RSS
high advisory

CVE-2026-44752: SAP NetWeaver Application Server Java Cross-Site Scripting Vulnerability

An unauthenticated attacker can exploit a cross-site scripting (XSS) vulnerability (CVE-2026-44752) in SAP NetWeaver Application Server Java by injecting malicious JavaScript through crafted URLs, leading to client-side script execution, access to sensitive session information, and modification of non-sensitive data, resulting in high confidentiality impact and low integrity impact.

SAP NetWeaver Application Server Java xss sap java web-vulnerability
3t 1c
high advisory

Unauthenticated Arbitrary Code Execution in SAProuter via DLL Hijacking (CVE-2026-0487)

An unauthenticated attacker can exploit CVE-2026-0487, a vulnerability in SAProuter running on Microsoft Windows, by loading malicious DLL files from an untrusted location, allowing them to execute arbitrary code on the affected system with high impact on confidentiality, integrity, and availability.

SAProuter +12 dll-hijacking code-execution vulnerability cve
1r 1t 1c 2i
critical advisory

Exploitation of CVE-2026-44747 in SAP NetWeaver ABAP via Memory Corruption

An authenticated attacker can exploit CVE-2026-44747, an out-of-bounds write vulnerability in SAP NetWeaver Application Server ABAP, to cause memory corruption leading to unauthorized data access, modification, or system unavailability, severely impacting confidentiality, integrity, and availability.

SAP NetWeaver Application Server ABAP +12 cve-2026-44747 memory-corruption sap netweaver abap out-of-bounds-write
4t 1c
medium advisory

SAP Approuter HTTP Request Smuggling Vulnerability Allows Confidentiality and Availability Impact (CVE-2026-27690)

An HTTP Request Smuggling vulnerability (CVE-2026-27690, CWE-444) in SAP Approuter allows an unauthenticated attacker to send a specially crafted HTTP request leading to request-response desynchronization, which can result in the exposure of user responses and cause a denial of service by making the system unavailable.

SAP Approuter node.js package http-request-smuggling vulnerability sap web-application denial-of-service data-exposure
3t 1c