CVE-2026-0500

Name of the Vulnerable Software and Affected Versions SAP Wily Introscope Enterprise Manager (WorkStation) (affected versions not specified)

Description An unauthenticated attacker can create a malicious Java Network Launch Protocol (JNLP) file accessible via a public URL. When a victim clicks this URL, the accessed SAP Wily Introscope Server could execute operating system commands on the victim’s machine, potentially compromising the confidentiality, integrity, and availability of the system. The issue stems from the use of a vulnerable third-party component. A JNLP file is a file format used by Java Web Start to launch applications.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.