SAPUI5 Search UI Vulnerability Allows Malicious URL Manipulation
CVE-2026-34258

4.7MEDIUM

Key Information:

Vendor: SAP
Status: SAPui5 (search Ui)
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-34258?

The vulnerability in SAPUI5 Search UI exposes users to potential security risks by allowing unauthorized attackers to exploit specific URL parameters. This manipulation can result in the delivery of harmful content to unsuspecting users, redirecting them to attacker-controlled pages. While this issue affects the application's confidentiality, it does not compromise the integrity or availability of the system. Users should be vigilant to avoid falling victim to deceptive links crafted through this vulnerability.

Affected Version(s)

SAPUI5 (Search UI) SAPUI5 1.108

SAPUI5 (Search UI) 1.120

SAPUI5 (Search UI) 1.136

References

https://me.sap.com/notes/3726583

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-34258 Data

JSON