CVE-2026-23687
HIGH
SAP NetWeaver Application Server ABAP/ABAP Platform - Privilege Esc...
Title source: llmDescription
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data and potential disruption of normal system usage.
References (3)
Core References
Vendor Advisory: https://url.sap/sapsecuritypatchday
Mailing List: http://seclists.org/fulldisclosure/2026/Jun/1
Permissions Required: https://me.sap.com/notes/3697567
Scores
CVSS v3: 8.8
EPSS: 0.0030
EPSS Percentile: 21.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-347
Status: published
Products (37)
sap/sap_basis 700
sap/sap_basis 701
sap/sap_basis 702
sap/sap_basis 731
sap/sap_basis 740
sap/sap_basis 750
sap/sap_basis 751
sap/sap_basis 752
sap/sap_basis 753
sap/sap_basis 754
... and 27 more
Published: Feb 10, 2026
Tracked Since: Feb 18, 2026