CVE-2026-24316
Server-Side Request Forgery (SSRF) in SAP NetWeaver Application Server for ABAP
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.4EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
10 Mar 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery (SSRF). Successful exploitation could lead to interaction with potentially sensitive internal endpoints, resulting in a low impact on data confidentiality and integrity. There is no impact on availability of the application.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Affected products
SAP_SE · SAP NetWeaver Application Server for ABAPWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →