VDB

CVE-2026-23687

CVE-2026-23687 PUBLISHED CVSS 8.800000190734863 HIGH

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data and potential disruption of normal system usage.

EPSS 0.02% · 5.5th percentile

Risk Scores

CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.02%
5.5th percentile

Affected Products

VendorProductVersions
SAP_SESAP NetWeaver AS ABAP and ABAP PlatformSAP_BASIS 700, SAP_BASIS 740, SAP_BASIS 750
sapsap_basis701, 700, 702

Timeline

  • Feb 10, 2026 CVE Published
  • Feb 10, 2026 EPSS Score
  • Feb 10, 2026 PoC Published
  • Feb 10, 2026 PoC Published
  • Feb 10, 2026 PoC Published
  • Feb 12, 2026 EPSS Score
  • Feb 14, 2026 EPSS Score
  • Feb 16, 2026 EPSS Score
  • Feb 18, 2026 EPSS Score
  • Feb 20, 2026 EPSS Score
  • Feb 22, 2026 EPSS Score
  • Feb 24, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›