CVE-2026-23687HIGH 8.8EPSS p21.3%

CVE-2026-23687CVE-2026-23687

sap / sap_basis

Description

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data and potential disruption of normal system usage.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS0.30% probability of exploitation · percentile 21.3% · 2026-06-18T12:00:27Z
Published2026-02-10
Last modified2026-06-09

Underlying weaknesses· 1

CWE-347

References

  1. https://me.sap.com/notes/3697567
  2. https://url.sap/sapsecuritypatchday

1

TypeTargetConfidenceTier
WeaknessImproper Verification of Cryptographic Signaturecwe-3470%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-44748
CVE
CVE-2025-26661
CVE
CVE-2025-0066
CVE
CVE-2026-27671
CVE
CVE-2025-0070
CVE
CVE-2026-27685
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.