CVE-2026-0505 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-0505 PUBLISHED CVSS 6.099999904632568 MEDIUM

The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application.

EPSS 0.03% · 8.5th percentile

Risk Scores

CVSS v3.1

6.099999904632568

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Score

0.03%

8.5th percentile

Affected Products

Vendor	Product	Versions
SAP_SE	SAP Document Management System	SAP_APPL 618, S4CORE 102, 103
sap	document_management_system	602, 603, 604
sap	erp	618
sap	s4core	102, 103, 108

Timeline

Feb 10, 2026 CVE Published
Feb 10, 2026 EPSS Score
Feb 11, 2026 EPSS Score
Feb 13, 2026 EPSS Score
Feb 14, 2026 EPSS Score
Feb 16, 2026 EPSS Score
Feb 17, 2026 EPSS Score
Feb 19, 2026 EPSS Score
Feb 20, 2026 EPSS Score
Feb 22, 2026 EPSS Score
Feb 23, 2026 EPSS Score
Feb 25, 2026 EPSS Score

References

Open in Interactive Console →