Path Traversal Vulnerability in SAP NetWeaver Application Server Java
CVE-2026-40128

9CRITICAL

What is CVE-2026-40128?

The SAP NetWeaver Application Server Java (Web Container) exhibits a vulnerability that allows an attacker to craft a malicious HTTP logon request. This request can manipulate file inclusion parameters, enabling path traversal attacks. If successfully exploited, the attacker may gain unauthorized access to sensitive files, potentially leading to viewing or modifying critical information. Furthermore, this could impact the availability of various components within the local system, posing significant risks to the integrity and confidentiality of the data.

Affected Version(s)

SAP NetWeaver Application Server Java (Web Container) ENGINEAPI 7.50

References

CVSS V3.1

Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.