Improper Input Handling Vulnerability in SAP NetWeaver Application Server ABAP
CVE-2026-27680

3.1LOW

Key Information:

Vendor: SAP
Status: SAP Netweaver Application Server Abap
Vendor: CVE Published:; 14 May 2026

What is CVE-2026-27680?

A security flaw in the SAP NetWeaver Application Server ABAP allows attackers to exploit improper input handling, enabling the injection of malicious Cascading Style Sheets (CSS) into web pages served by the application. This can lead to unauthorized execution of the injected CSS when users access affected pages, potentially compromising the user experience. While the issue specifically affects the integrity of the web content, it does not have a significant impact on confidentiality or availability.

Affected Version(s)

SAP NetWeaver Application Server ABAP SAP_UI 758

SAP NetWeaver Application Server ABAP 816

References

https://me.sap.com/notes/3665042

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2026
Vulnerability Reserved
Feb 23, 2026

CVE-2026-27680 Data

JSON