SAP NetWeaver Enterprise Portal Vulnerability Exposes Users to Script Injection
CVE-2026-44759

6.1MEDIUM

Key Information:

Vendor

SAP

Vendor
CVE Published:
14 July 2026

What is CVE-2026-44759?

A security issue in SAP NetWeaver Enterprise Portal enables unauthenticated attackers to inject harmful scripts via URL parameters. When users access the maliciously crafted URL, the scripts are executed within their browsers. This leads to potential theft of sensitive session information and manipulation of the portal's content, posing risks to user data integrity and privacy. No impact on application availability is noted.

Affected Version(s)

SAP NetWeaver Enterprise Portal EP-RUNTIME 7.50

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.