CVE-2026-34257

Published: Apr 14, 2026Modified: Jun 3, 2026

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: CNA

Description

Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the application with no impact on availability.

Affected (14)

Products: Sap: Netweaver Application Server Abap

Sap

1 product

Netweaver Application Server Abap

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Sap Netweaver Application Server Abap	Version 700
Sap Netweaver Application Server Abap	Version 701
Sap Netweaver Application Server Abap	Version 702
Sap Netweaver Application Server Abap	Version 731
Sap Netweaver Application Server Abap	Version 740
Sap Netweaver Application Server Abap	Version 750
Sap Netweaver Application Server Abap	Version 752
Sap Netweaver Application Server Abap	Version 753
Sap Netweaver Application Server Abap	Version 754
Sap Netweaver Application Server Abap	Version 755
Sap Netweaver Application Server Abap	Version 756
Sap Netweaver Application Server Abap	Version 757
Sap Netweaver Application Server Abap	Version 758
Sap Netweaver Application Server Abap	Version 816

Related CWEs

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (2)

https://me.sap.com/notes/3692004

Source: cna@sap.com

Permissions Required

https://url.sap/sapsecuritypatchday

Source: cna@sap.com

Vendor Advisory

Timeline

No history available yet.