PT-2026-24161 · SAP · SAP NetWeaver Enterprise Portal +1
Published: 2026-03-10 · Updated: 2026-03-11 · CVE-2026-27685
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver Enterprise Portal versions prior to 7.50
Description
The vulnerability arises when a privileged user uploads untrusted or malicious content that, when deserialized, could compromise the confidentiality, integrity, and availability of the host system. The deserialization takes place within SAP NetWeaver EP-RUNTIME. The vulnerability allows for remote code execution (RCE) and potential lateral movement within a network.
Recommendations
Ensure that privileged users do not upload untrusted or malicious content.
Fix
RCE
Deserialization of Untrusted Data
Affected Products
SAP NetWeaver EP-RUNTIME
SAP NetWeaver Enterprise Portal