CVE-2026-34257
MEDIUM WAF: Medium
CVSS 6.1
Published: 2026-04-14
CWE-601
Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the application with no impact on availability.
WAF Coverage Analysis
Open Redirect
Medium WAF Coverage
OWASP: A01:2021 Broken Access Control
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| sap | netweaver_application_server_abap | 700 |
| sap | netweaver_application_server_abap | 701 |
| sap | netweaver_application_server_abap | 702 |
| sap | netweaver_application_server_abap | 731 |
| sap | netweaver_application_server_abap | 740 |
| sap | netweaver_application_server_abap | 750 |
| sap | netweaver_application_server_abap | 752 |
| sap | netweaver_application_server_abap | 753 |
| sap | netweaver_application_server_abap | 754 |
| sap | netweaver_application_server_abap | 755 |
References
- me.sap.com (Permissions Required)
- url.sap (Vendor Advisory)