CVE-2026-24320HTTP Request/Response Splitting in SE SAP Netweaver AND Abap Platform

CWE-113HTTP Request/Response SplittingCWE-787Out-of-bounds Write3 documents3 sources
Severity
3.1LOWNVD
EPSS
0.0%
top 98.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
SAP SE SAP Netweaver AND Abap PlatformSAP Netweaver AS Abap KernelSAP Netweaver AS Abap Krnl64nuc+1 more
Timeline
PublishedFeb 10

Description

Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may result in memory corruption and the potential leakage of memory content. Successful exploitation of this vulnerability would have a low impact on the confidentiality of the application, with no effect on its integrity or

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages4 packages

CVEListV5sap_se/sap_netweaver_and_abap_platform13 versions+12
NVDsap/netweaver_as_abap_krnl64nuc7.22, 7.22ext+1

🔴Vulnerability Details

2
CVEList
Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)2026-02-10
GHSA
GHSA-hfw8-fmmj-c2q7: Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors2026-02-10
CVE-2026-24320 — HTTP Request/Response Splitting | cvebase