CVE-2026-0513 — Open Redirect in SE SAP Supplier Relationship Management

CWE-601 — Open Redirect3 documents3 sources

Severity

4.7MEDIUMNVD

EPSS

0.1%

top 74.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Supplier Relationship Management SAP Supplier Relationship Management

Timeline

PublishedJan 13

Description

Due to an Open Redirect Vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site.This causes low impact on integrity of the application. Confidentiality and availability are not impacted.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDsap/supplier_relationship_management5 versions+4

▶CVEListV5sap_se/sap_supplier_relationship_management5 versions+4

Patches

Patch: url.sap ↗

🔴Vulnerability Details

GHSA

GHSA-w8gf-92gc-cx36: Due to an Open Redirect Vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a↗2026-01-13

▶

CVEList

Open Redirect Vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog)↗2026-01-13

▶