CVE-2026-44749 | THREATINT

Description

The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts (e.g., regex patterns) and revealing underlying URI parsing logic. Leading to low impact on confidentiality. Integrity and availability are unaffected.

PUBLISHED Reserved 2026-05-07 | Published 2026-05-26 | Updated 2026-05-26 | Assigner sap

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

Product status

Default status

unaffected

SAP_GWFND 750

affected

751

affected

752

affected

753

affected

754

affected

755

affected

756

affected

757

affected

758

affected

SAP_BASIS 795

affected

References

me.sap.com/notes/3433366

url.sap/sapsecuritypatchday

cve.org (CVE-2026-44749)

nvd.nist.gov (CVE-2026-44749)

Download JSON