← voltar
CVE-2026-27680

CSS Injection vulnerability in SAP NetWeaver Application Server ABAP

CVSS 3.1 LOWEPSS 0.2%CWE-276
Vexday Risk Score
8Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 3.1EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
14 mai 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS) data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result, the issue has a low impact on confidentiality, while integrity and availability are not impacted.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Produtos afetados
SAP_SE · SAP NetWeaver Application Server ABAP

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://me.sap.com/notes/3665042https://url.sap/sapsecuritypatchday