Open Redirect Vulnerability in SAP Supplier Relationship Management by SAP
CVE-2026-0513

4.7 MEDIUM

What is CVE-2026-0513?

An open redirect vulnerability has been identified in SAP Supplier Relationship Management, specifically within the SICF Handler in the SRM Catalog. The flaw lets an unauthenticated attacker craft a malicious URL that, when accessed by an unsuspecting victim, redirects the victim to a website controlled by the attacker. The vulnerability has no impact on the confidentiality or availability of the application and a low impact on its integrity.

Affected Version(s)

SAP Supplier Relationship Management (SICF Handler in SRM Catalog) SRM_SERVER 700

SAP Supplier Relationship Management (SICF Handler in SRM Catalog) 701

SAP Supplier Relationship Management (SICF Handler in SRM Catalog) 702

CVSS V3.1

Score: 4.7
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
