CVE-2026-0508

HIGH

SAP BusinessObjects - Open Redirect

Title source: llm

Description

The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert malicious URL within the application. Upon successful exploitation, the victim may click on this malicious URL, resulting in an unvalidated redirect to the attacker-controlled domain and subsequently download the malicious content. This vulnerability has a high impact on the confidentiality and integrity of the application, with no effect on the availability of the application.

References (2)

[Permissions Required] https://me.sap.com/notes/3674246

[Vendor Advisory] https://url.sap/sapsecuritypatchday

Scores

CVSS v3 7.3

EPSS 0.0001

EPSS Percentile 1.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

Classification

CWE

CWE-601

Status published

Affected Products (3)

sap/businessobjects_business_intelligence_platform

Timeline

Published Feb 10, 2026

Tracked Since Feb 18, 2026