PT-2026-57938 · Sap Se · Sap Netweaver Application Server Java

Published

2026-07-14

·

Updated

2026-07-14

·

CVE-2026-44752

CVSS v3.1

8.2

High

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
SAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious JavaScript through crafted URLs. When a victim accesses such a URL, the script executes in the user's browser, allowing the attacker to access sensitive session information and modify non-sensitive data displayed in the client�s browser. This results in a high impact on confidentiality, low impact on integrity with no impact on availability of the application.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-44752

Affected Products

Sap Netweaver Application Server Java