Script Injection Vulnerability in BSP Applications by SAP
CVE-2026-24323

6.1 MEDIUM

Key Information:

Vendor: SAP

CVE Published: 10 February 2026

What is CVE-2026-24323?

BSP applications by SAP are susceptible to a script injection vulnerability that allows unauthenticated attackers to execute malicious scripts. The vulnerability arises from improper validation of user-supplied URL parameters, enabling the injection of harmful scripts. When a user clicks on a crafted URL, the malicious script runs in the context of the victim's browser, potentially compromising confidentiality and integrity. It underscores the importance of robust input validation to protect against such web application threats.


Affected Version(s)

SAP Document Management System SAP_APPL 618

SAP Document Management System S4CORE 102

SAP Document Management System 103


CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
