Cross-Site Scripting Vulnerability in SAP NetWeaver Application Server ABAP
CVE-2026-44760
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 14 July 2026
What is CVE-2026-44760?
This vulnerability allows attackers to exploit the SAP NetWeaver Application Server ABAP by injecting unsanitized input into the HTTP responses. As a result, arbitrary JavaScript code can be executed, leading to potential session hijacking and unauthorized actions on behalf of users. It is important for organizations using this framework to implement security measures to sanitize user inputs and regularly update their systems to mitigate risks.
Affected Version(s)
SAP NetWeaver Application Server ABAP (applications based on Business Server Pages) SAP_BASIS 700
SAP NetWeaver Application Server ABAP (applications based on Business Server Pages) SAP_BASIS 701
SAP NetWeaver Application Server ABAP (applications based on Business Server Pages) SAP_BASIS 702