CVE-2026-34257 — Open Redirect in SE SAP Netweaver Application Server Abap

CWE-601 — Open Redirect4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.0%

top 89.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Application Server Abap

Timeline

PublishedApr 14

Latest updateApr 17

Description

Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the application with no impact on availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶CVEListV5sap_se/sap_netweaver_application_server_abap14 versions+13

🔴Vulnerability Details

VulDB

SAP NetWeaver Application Server ABAP up to 816 redirect (Nessus ID 306732)↗2026-04-17

▶

CVEList

Open Redirect vulnerability in SAP NetWeaver Application Server ABAP↗2026-04-14

▶

GHSA

GHSA-fwjv-3fw4-7x83: Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accesse↗2026-04-14

▶