Web Application Vulnerability in SAP CRM WebClient UI
CVE-2026-44768
What is CVE-2026-44768?
The SAP CRM WebClient UI is susceptible to a vulnerability that allows attackers to inject and execute malicious scripts due to a lack of proper Content Security Policy (CSP) configurations. This deficiency opens the door for potential script attacks, compromising the application's security integrity. Although the vulnerability does not impact the confidentiality or availability of the system, it poses a risk to its overall security posture. It is crucial for organizations using the SAP CRM WebClient UI to implement appropriate security measures, including configuring CSP to mitigate such risks. For more information, refer to the official SAP notes and security patch day documentation.
Affected Version(s)
SAP CRM (WebClient UI) S4FND 104
SAP CRM (WebClient UI) 105
SAP CRM (WebClient UI) 106