Vulnerability in Sap Netweaver_application_server_java

CVE-2026-23686

Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content e…

EPSS: 0.002 (5.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.4 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-23686?
CVE-2026-23686 is a low-severity vulnerability in Sap Netweaver_application_server_java, classified under HTTP Response Splitting. CVSS score: 3.4/10. Published 2026-02-10.
How severe is CVE-2026-23686?
Low severity. CVSS v3 base score is 3.4 out of 10.