Web Application Vulnerability in SAP CRM WebClient UI
CVE-2026-44768

4.1MEDIUM

Key Information:

Vendor

SAP

Vendor
CVE Published:
14 July 2026

What is CVE-2026-44768?

The SAP CRM WebClient UI is susceptible to a vulnerability that allows attackers to inject and execute malicious scripts due to a lack of proper Content Security Policy (CSP) configurations. This deficiency opens the door for potential script attacks, compromising the application's security integrity. Although the vulnerability does not impact the confidentiality or availability of the system, it poses a risk to its overall security posture. It is crucial for organizations using the SAP CRM WebClient UI to implement appropriate security measures, including configuring CSP to mitigate such risks. For more information, refer to the official SAP notes and security patch day documentation.

Affected Version(s)

SAP CRM (WebClient UI) S4FND 104

SAP CRM (WebClient UI) 105

SAP CRM (WebClient UI) 106

References

CVSS V3.1

Score:
4.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.