CVE-2026-27674

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server Java (Web Dynpro Java) (affected versions not specified)

Description A code injection issue in the Web Dynpro Java component allows an unauthenticated attacker to provide crafted input that the application interprets to reference attacker-controlled content. If a victim accesses the affected functionality, this content can be executed within the victim's browser, potentially leading to session compromise and the execution of arbitrary client-side code, which impacts the confidentiality and integrity of the application.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.