CVE-2026-23687

XML Signature Wrapping in SAP NetWeaver AS ABAP and ABAP Platform

CVSS 8.8 HIGHEPSS 0.5%CWE-347

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.8EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

10 fev 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data and potential disruption of normal system usage.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

SAP_SE · SAP NetWeaver AS ABAP and ABAP Platform

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://seclists.org/fulldisclosure/2026/Jun/1 https://me.sap.com/notes/3697567 https://url.sap/sapsecuritypatchday