Open Redirect Vulnerability in SAP Supplier Relationship Management by SAP
CVE-2026-0513
4.7 MEDIUM
Key Information:
- Vendor: SAP
- CVE Published: 13 January 2026
What is CVE-2026-0513?
An open redirect vulnerability has been identified in SAP Supplier Relationship Management, specifically in the SICF Handler in the SRM Catalog. The flaw lets an unauthenticated attacker craft a malicious URL that, when an unsuspecting victim opens it, redirects the victim to a website the attacker controls. The vulnerability does not affect the confidentiality or availability of the application, and its impact on the application's integrity is low.
Affected Version(s)
SAP Supplier Relationship Management (SICF Handler in SRM Catalog) SRM_SERVER 700
SAP Supplier Relationship Management (SICF Handler in SRM Catalog) 701
SAP Supplier Relationship Management (SICF Handler in SRM Catalog) 702