CVE-2026-44749

MEDIUM

Information Disclosure vulnerability in SAP Gateway

Title source: cna

Description

The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts (e.g., regex patterns) and revealing underlying URI parsing logic. Leading to low impact on confidentiality. Integrity and availability are unaffected.

References (2)

Core 2

Core References

https://me.sap.com/notes/3433366

https://url.sap/sapsecuritypatchday

Scores

CVSS v3 4.3

EPSS 0.0026

EPSS Percentile 16.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-497

Status published

Products (10)

SAP_SE/SAP Gateway 751

SAP_SE/SAP Gateway 752

SAP_SE/SAP Gateway 753

SAP_SE/SAP Gateway 754

SAP_SE/SAP Gateway 755

SAP_SE/SAP Gateway 756

SAP_SE/SAP Gateway 757

SAP_SE/SAP Gateway 758

SAP_SE/SAP Gateway SAP_BASIS 795

SAP_SE/SAP Gateway SAP_GWFND 750

Published May 26, 2026

Tracked Since May 26, 2026