PT-2026-39923 · Sap · Sap Netweaver+2

Published

2026-05-12

·

Updated

2026-05-12

·

CVE-2026-40129

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions SAP Application Server ABAP for SAP NetWeaver and ABAP Platform (affected versions not specified)
Description A code injection flaw allows an authenticated attacker to send specially crafted inputs to the application. When processed, this input can be delivered to users subscribed to the channel, enabling the execution of arbitrary code for those users. This issue results in a low impact on system integrity, with no impact on confidentiality or availability.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-40129

Affected Products

Abap Platform
Abap Application Server
Sap Netweaver