URL Manipulation Vulnerability in SAP Fiori Launchpad
CVE-2026-24315
4.2MEDIUM
What is CVE-2026-24315?
The SAP Fiori Launchpad is vulnerable to a URL manipulation issue that enables attackers to create malicious URLs. When a user interacts with these crafted URLs, it can lead to unauthorized service calls on the Fiori domain, risking user account credentials. Although successful exploitation requires a deep understanding of the system, users could unknowingly expose themselves to potential account compromises. Importantly, the system’s availability remains unaffected.
Affected Version(s)
SAP Fiori (launchpad) SAP_UI 754
SAP Fiori (launchpad) 755
SAP Fiori (launchpad) 756