CVE-2026-23687
8.8 HIGH · Published 2026-02-10 · Modified 2026-02-10 · Received
Quick Summary
This vulnerability in SAP NetWeaver allows an authenticated user to tamper with digitally signed messages. The system can be tricked into accepting these forged messages, which undermines the security of the signed data.
Who is affected
SAP NetWeaver ABAP and ABAP Platform users are affected. An attacker with standard user privileges could gain unauthorized access to sensitive data and disrupt system operations.
Recommended fix
Apply the relevant SAP Security Note as provided by SAP. Organizations should patch their systems immediately; specific note numbers and patch details are available in the official SAP advisory.
Technical Description
SAP NetWeaver Application Server ABAP and ABAP Platform allow an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data and potential disruption of normal system usage.
CVSS Details
Attack Vector: NETWORK
Complexity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-347