OAuth2 Login Flow Vulnerability in SAP Approuter
CVE-2026-44745
8.1HIGH
What is CVE-2026-44745?
The SAP Approuter has a security vulnerability where it fails to validate incoming request headers properly during the OAuth2 login flow. Certain configurations may expose this flaw to unauthenticated remote attackers, enabling them to create malicious URLs that, when accessed by unsuspecting users, could lead to unauthorized access of sensitive information. This vulnerability poses a significant threat to the confidentiality and integrity of the data processed by the application, underscoring the importance of applying security patches and maintaining vigilant security practices.
Affected Version(s)
SAP Approuter SAP Approuter node.js package < 21.2.0