HTTP Request Smuggling Vulnerability in SAP Approuter
CVE-2026-27690
9.1CRITICAL
What is CVE-2026-27690?
The HTTP Request Smuggling vulnerability in SAP Approuter allows unauthenticated attackers to craft malicious HTTP requests, leading to request-response desynchronization. This exploit can expose sensitive user responses and trigger service unavailability, significantly impacting the confidentiality and availability of the affected system.
Affected Version(s)
SAP Approuter SAP Approuter node.js package < 20.10.0