CyberSec.Space Logo
Back to CVE Browser

CVE-2026-23687

HIGH
8.8
CVSS Severity Score
EPSS Score0.1030%
EPSS Percentile40.63th
PublishedFeb 10, 2026
Last ModifiedJun 9, 2026

Vulnerability Description

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data and potential disruption of normal system usage.

Affected Platforms (CPE)

πŸ“¦
Sap

Sap Basis

= 700
πŸ“¦
Sap

Sap Basis

= 701
πŸ“¦
Sap

Sap Basis

= 702
πŸ“¦
Sap

Sap Basis

= 731
πŸ“¦
Sap

Sap Basis

= 740
πŸ“¦
Sap

Sap Basis

= 750
πŸ“¦
Sap

Sap Basis

= 751
πŸ“¦
Sap

Sap Basis

= 752
πŸ“¦
Sap

Sap Basis

= 753
πŸ“¦
Sap

Sap Basis

= 754
πŸ“¦
Sap

Sap Basis

= 755
πŸ“¦
Sap

Sap Basis

= 756
πŸ“¦
Sap

Sap Basis

= 757
πŸ“¦
Sap

Sap Basis

= 758
πŸ“¦
Sap

Sap Basis

= 804
πŸ“¦
Sap

Sap Basis

= 916
πŸ“¦
Sap

Sap Basis

= 917
πŸ“¦
Sap

Sap Basis

= 918

References & Advisories

πŸ”— https://me.sap.com/notes/3697567
πŸ”— https://url.sap/sapsecuritypatchday
πŸ”— http://seclists.org/fulldisclosure/2026/Jun/1

Related Vulnerabilities

CVE-2019-02798.8

ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed...

CVE-2018-23638.8

SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you ...

CVE-2018-23678.8

ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker t...

CVE-2018-24948.0

Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS A...