PT-2026-24160 · SAP · SAP NetWeaver
Published 2026-03-10 · Updated 2026-03-10 · CVE-2026-27684
CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver Feedback Notifications Service (affected versions not specified)
Description
The application contains a SQL injection flaw that allows an authenticated attacker to inject arbitrary SQL code through user-controlled input fields. The application concatenates these inputs directly into SQL queries without proper validation or escaping, enabling manipulation of the WHERE clause logic. This could potentially lead to unauthorized access to or modification of database information. The issue has no impact on integrity and a low impact on confidentiality and availability.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
SAP NetWeaver