Vulnerability in Sap Netweaver_application_server_java
CVE-2026-23686
Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content e…
EPSS: 0.002 (5.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 3.4 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N.
Affected products
- Sap Netweaver_application_server_java — versions 7.50
- Sap_se Sap Netweaver Application Server Java — versions LMNWABASICAPPS 7.50
Weakness classification (CWE)
References
- cna@sap.com (Permissions Required)
- cna@sap.com (Vendor Advisory)
Frequently asked questions
- What is CVE-2026-23686?
- CVE-2026-23686 is a low-severity vulnerability in Sap Netweaver_application_server_java, classified under HTTP Response Splitting. CVSS score: 3.4/10. Published 2026-02-10.
- How severe is CVE-2026-23686?
- Low severity. CVSS v3 base score is 3.4 out of 10.