Vendor
CVE-2026-44752: SAP NetWeaver Application Server Java Cross-Site Scripting Vulnerability
3 TTPs 1 CVEAn unauthenticated attacker can exploit a cross-site scripting (XSS) vulnerability (CVE-2026-44752) in SAP NetWeaver Application Server Java by injecting malicious JavaScript through crafted URLs, leading to client-side script execution, access to sensitive session information, and modification of non-sensitive data, resulting in high confidentiality impact and low integrity impact.
Unauthenticated Arbitrary Code Execution in SAProuter via DLL Hijacking (CVE-2026-0487)
1 rule 1 TTP 1 CVE 2 IOCsAn unauthenticated attacker can exploit CVE-2026-0487, a vulnerability in SAProuter running on Microsoft Windows, by loading malicious DLL files from an untrusted location, allowing them to execute arbitrary code on the affected system with high impact on confidentiality, integrity, and availability.
Exploitation of CVE-2026-44747 in SAP NetWeaver ABAP via Memory Corruption
4 TTPs 1 CVEAn authenticated attacker can exploit CVE-2026-44747, an out-of-bounds write vulnerability in SAP NetWeaver Application Server ABAP, to cause memory corruption leading to unauthorized data access, modification, or system unavailability, severely impacting confidentiality, integrity, and availability.
SAP Approuter HTTP Request Smuggling Vulnerability Allows Confidentiality and Availability Impact (CVE-2026-27690)
3 TTPs 1 CVEAn HTTP Request Smuggling vulnerability (CVE-2026-27690, CWE-444) in SAP Approuter allows an unauthenticated attacker to send a specially crafted HTTP request leading to request-response desynchronization, which can result in the exposure of user responses and cause a denial of service by making the system unavailable.