CVE-2026-24316

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server for ABAP (affected versions not specified)

Description The software includes an ABAP Report designed for testing that enables sending HTTP requests to any internal or external endpoint. This functionality is susceptible to Server-Side Request Forgery (SSRF). Successful exploitation may allow interaction with sensitive internal endpoints, potentially impacting data confidentiality and integrity. The application's availability is not affected. The report allows requests to arbitrary endpoints via the use of an ABAP Report. The vulnerable component is an ABAP Report used for testing.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.