CVE-2026-23687 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-23687 PUBLISHED CVSS 8.800000190734863 HIGH

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data and potential disruption of normal system usage.

EPSS 0.02% · 3.9th percentile

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.02%

3.9th percentile

Affected Products

Vendor	Product	Versions
SAP_SE	SAP NetWeaver AS ABAP and ABAP Platform	SAP_BASIS 700, SAP_BASIS 740, SAP_BASIS 750
sap	sap_basis	701, 700, 702

Timeline

Jan 14, 2026 CVE ID Reserved
Feb 10, 2026 CVE Published
Feb 10, 2026 EPSS Score
Feb 10, 2026 PoC Published
Feb 10, 2026 PoC Published
Feb 10, 2026 PoC Published
Feb 11, 2026 EPSS Score
Feb 13, 2026 EPSS Score
Feb 14, 2026 EPSS Score
Feb 16, 2026 EPSS Score
Feb 17, 2026 EPSS Score
Feb 19, 2026 EPSS Score

References

Open in Interactive Console →