XML Signature Wrapping in SAML Authentication in SAP NetWeaver AS ABAP and ABAP Platform
CVE-2026-44748

9.9CRITICAL

Key Information:

Vendor: SAP
Status: SAP Netweaver As Abap And Abap Platform
Vendor: CVE Published:; 9 June 2026

What is CVE-2026-44748?

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to unauthorized access to sensitive user data and potential disruption of normal system usage. This causes a high impact on confidentiality, integrity and availability of the application.

Affected Version(s)

SAP NetWeaver AS ABAP and ABAP Platform SAP_BASIS 702

SAP NetWeaver AS ABAP and ABAP Platform SAP_BASIS 731

SAP NetWeaver AS ABAP and ABAP Platform SAP_BASIS 740

References

https://me.sap.com/notes/3746332

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2026
Vulnerability Reserved
May 7, 2026

CVE-2026-44748 Data

JSON