CVE-2026-40128

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score

9.0 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H                                    

Vulnerability Description

SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the included file could allow the attacker to view or modify sensitive information or render any part of the local system unavailable.

Vulnerability Details

Published Date

June 09, 2026

Last Modified

June 09, 2026

CWE ID

CWE-35

Source

NVD

Vendor

SAP_SE

Product

SAP NetWeaver Application Server Java (Web Container)

External References

https://me.sap.com/notes/3727078
https://url.sap/sapsecuritypatchday

CVE-2026-40128

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment