Authentication Bypass Vulnerability in SAP NetWeaver Application Server
CVE-2026-44748
What is CVE-2026-44748?
The SAP NetWeaver Application Server ABAP and ABAP Platform are susceptible to a vulnerability that allows authenticated attackers with standard permissions to exploit the system. They can obtain a valid signed message and send tampered signed XML documents to the verifier. This could enable unauthorized access to sensitive user data and disrupt normal system operations. Consequently, this vulnerability poses serious risks to the confidentiality, integrity, and availability of the application.
Affected Version(s)
SAP NetWeaver AS ABAP and ABAP Platform SAP_BASIS 702
SAP NetWeaver AS ABAP and ABAP Platform SAP_BASIS 731
SAP NetWeaver AS ABAP and ABAP Platform SAP_BASIS 740
News Articles
References
CVSS V3.1
Timeline
- ๐พ
Exploit known to exist
- ๐ฐ
First article discovered by BleepingComputer
Vulnerability published
Vulnerability Reserved