CVE-2026-27680
CSS Injection vulnerability in SAP NetWeaver Application Server ABAP
Vexday Risk Score
8Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 3.1EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
14 may 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS) data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result, the issue has a low impact on confidentiality, while integrity and availability are not impacted.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Productos afectados
SAP_SE · SAP NetWeaver Application Server ABAP¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →