Cross-Site Scripting Vulnerability in SAP Supplier Relationship Management
CVE-2026-0512

6.1 MEDIUM

What is CVE-2026-0512?

A Cross-Site Scripting (XSS) vulnerability exists in SAP Supplier Relationship Management's SICF Handler, allowing unauthenticated attackers to craft malicious URLs. When these URLs are accessed by victims, harmful scripts execute in their browsers, potentially enabling attackers to manipulate sensitive information. This vulnerability jeopardizes the confidentiality and integrity of the application, necessitating urgent attention from users and administrators.

Affected Version(s)

SAP Supplier Relationship Management (SICF Handler in SRM Catalog) SRM_SERVER 702

SAP Supplier Relationship Management (SICF Handler in SRM Catalog) 713

SAP Supplier Relationship Management (SICF Handler in SRM Catalog) 714

References

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
