CVE-2026-0512 — Vulnetix

CVE-2026-0512 PUBLISHED CVSS 6.099999904632568 MEDIUM

Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL, that if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow the attacker to access and modify information, impacting the confidentiality and integrity of the application, while availability remains unaffected.

Risk Scores

CVSS v3.1

6.099999904632568

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

Vendor	Product	Versions
SAP_SE	SAP Supplier Relationship Management (SICF Handler in SRM Catalog)	SRM_SERVER 702, 713, 714

Timeline

Apr 14, 2026 CVE Published
Apr 14, 2026 Security Advisory

References

https://me.sap.com/notes/3645228 url
https://url.sap/sapsecuritypatchday url
https://nvd.nist.gov/vuln/detail/CVE-2026-0512 advisory
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2026.html advisory

Open in Interactive Console →