CVE-2026-23687

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server ABAP and ABAP Platform (affected versions not specified)

Description An authenticated attacker with normal privileges can obtain a valid signed message and send modified signed XML documents to the verifier. This allows attackers to tamper with signed XML documents, potentially resulting in the acceptance of tampered identity information, unauthorized access to sensitive user data, and disruption of normal system usage. This issue is due to a flaw in how the ABAP Platform verifies XML signatures, specifically through a technique known as XML Signature Wrapping (XSW). Approximately 16,000 instances have been identified globally. The attacker intercepts a valid message and "wraps" malicious content within its legitimate signature, tricking the verifier. The vulnerability impacts the ability to trust the authenticity and integrity of XML-based communications.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.