Content Spoofing vulnerability in SAPUI5 (Search UI)
CVE-2026-34258

4.7MEDIUM

Key Information:

Vendor: SAP
Status: SAPui5 (search Ui)
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-34258?

SAPUI5 (Search UI) allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low impact on confidentiality with no effect on the integrity and availability of the application.

Affected Version(s)

SAPUI5 (Search UI) SAPUI5 1.108

SAPUI5 (Search UI) 1.120

SAPUI5 (Search UI) 1.136

References

https://me.sap.com/notes/3726583

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-34258 Data

JSON