CVE-2026-40128

Description

SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the included file could allow the attacker to view or modify sensitive information or render any part of the local system unavailable.

Scoring

CVSS: 9.0
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.44% probability of exploitation · percentile 35.2% · 2026-06-19T12:03:05Z
Last modified: 2026-06-09

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-42922
CVE-2026-40135
CVE-2026-0507
CVE-2026-27674
CVE-2026-44746
CVE-2025-0066
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.