CVE-2026-23687

CWE-347 | 4 documents | 4 sources
Severity: 8.8 HIGH
EPSS: 0.0% (top 96.10%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 10

Description

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data and potential disruption of normal system usage.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

NVD: sap/sap_basis, 18 versions (+17)

🔴 Vulnerability Details (2)

GHSA (2026-02-10): GHSA-464m-h7w2-29w7: SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and s…
CVEList (2026-02-10): XML Signature Wrapping in SAP NetWeaver AS ABAP and ABAP Platform

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-23687 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23687 (HIGH CVSS 8.8) | SAP NetWeaver Application Server AB | cvebase.io