CVE-2026-44748 | THREATINT

Description

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to unauthorized access to sensitive user data and potential disruption of normal system usage. This causes a high impact on confidentiality, integrity and availability of the application.

PUBLISHED Reserved 2026-05-07 | Published 2026-06-09 | Updated 2026-06-09 | Assigner sap

CRITICAL: 9.9CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-347: Improper Verification of Cryptographic Signature

Product status

Default status

unaffected

SAP_BASIS 702

affected

SAP_BASIS 731

affected

SAP_BASIS 740

affected

SAP_BASIS 750

affected

SAP_BASIS 751

affected

SAP_BASIS 752

affected

SAP_BASIS 753

affected

SAP_BASIS 754

affected

SAP_BASIS 755

affected

SAP_BASIS 756

affected

SAP_BASIS 757

affected

SAP_BASIS 758

affected

SAP_BASIS 816

affected

SAP_BASIS 918

affected

SAP_BASIS 919

affected

References

me.sap.com/notes/3746332

url.sap/sapsecuritypatchday

cve.org (CVE-2026-44748)

nvd.nist.gov (CVE-2026-44748)

Download JSON