CVE-2026-44748

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score

9.9 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H                                    

Vulnerability Description

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to unauthorized access to sensitive user data and potential disruption of normal system usage. This causes a high impact on confidentiality, integrity and availability of the application.

Vulnerability Details

Published Date

June 09, 2026

Last Modified

June 09, 2026

CWE ID

CWE-347

Source

NVD

Vendor

SAP_SE

Product

SAP NetWeaver AS ABAP and ABAP Platform

External References

https://me.sap.com/notes/3746332
https://url.sap/sapsecuritypatchday

CVE-2026-44748

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment