CVE-2026-23686 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-23686 PUBLISHED CVSS 3.4000000953674316 LOW

Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated configuration, allowing manipulation of application-controlled settings. Successful exploitation leads to a low impact on integrity, while confidentiality and availability remain unaffected.

EPSS 0.03% · 9.7th percentile

Risk Scores

CVSS v3.1

3.4000000953674316

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N

EPSS Score

0.03%

9.7th percentile

Affected Products

Vendor	Product	Versions
sap	netweaver_application_server_java	7.50
SAP_SE	SAP NetWeaver Application Server Java	LMNWABASICAPPS 7.50

Timeline

Feb 10, 2026 CVE Published
Feb 10, 2026 EPSS Score
Feb 11, 2026 EPSS Score
Feb 13, 2026 EPSS Score
Feb 14, 2026 EPSS Score
Feb 16, 2026 EPSS Score
Feb 17, 2026 EPSS Score
Feb 19, 2026 EPSS Score
Feb 20, 2026 EPSS Score
Feb 22, 2026 EPSS Score
Feb 23, 2026 EPSS Score
Feb 25, 2026 EPSS Score

References

Open in Interactive Console →