Path Traversal Vulnerability in SAP NetWeaver Application Server Java
CVE-2026-40128
9CRITICAL
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 9 June 2026
What is CVE-2026-40128?
The SAP NetWeaver Application Server Java (Web Container) exhibits a vulnerability that allows an attacker to craft a malicious HTTP logon request. This request can manipulate file inclusion parameters, enabling path traversal attacks. If successfully exploited, the attacker may gain unauthorized access to sensitive files, potentially leading to viewing or modifying critical information. Furthermore, this could impact the availability of various components within the local system, posing significant risks to the integrity and confidentiality of the data.
Affected Version(s)
SAP NetWeaver Application Server Java (Web Container) ENGINEAPI 7.50