CVE-2026-24316NVD

Vulnerability Summary

SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery (SSRF). Successful exploitation could lead to interaction with potentially sensitive internal endpoints, resulting in a low impact on data confidentiality and integrity. There is no impact on availability of the application.

Severity Level

MEDIUM(6.4)

Published Date

Mar 10, 2026

Last Modified

Jun 3, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.04%Probability

Root Weakness (CWE)

CWE-918: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

ScopeChanged

ConfidentialityLow

IntegrityLow

AvailabilityNone

External References

https://me.sap.com/notes/3689080
https://url.sap/sapsecuritypatchday

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2026-24316NVD

Vulnerability Summary

External References