Reflected Cross-Site Scripting Vulnerability in SAP NetWeaver JAVA
CVE-2026-44746
6.1MEDIUM
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 9 June 2026
What is CVE-2026-44746?
A reflected cross-site scripting vulnerability exists in SAP NetWeaver JAVA's JDBC Test Servlet that enables unauthenticated attackers to craft malicious URLs. Clicking such a link triggers the execution of harmful scripts within the victim's browser, potentially compromising sensitive information and altering the integrity of the web application while leaving its availability intact. This vulnerability highlights the importance of sanitizing user inputs to prevent malicious exploitation.
Affected Version(s)
SAP NetWeaver AS Java (JDBC Test Servlet) BI_UDI 7.50