CVE-2026-0512
Description
Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow the attacker to access and modify information, impacting the confidentiality and integrity of the application, while availability remains unaffected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unauthenticated XSS vulnerability in the SAP SRM Catalog SICF handler allows attackers to execute malicious content in victims' browsers, impacting confidentiality and integrity.
Vulnerability
Description
The flaw resides in the Internet Communication Framework (ICF) handler of the SAP Supplier Relationship Management (SRM) Catalog component. An unauthenticated attacker can craft a malicious URL that, when accessed by a victim, leads to the execution of arbitrary script content in the victim's browser [1]. The root cause is improper neutralization of user-controlled input during the generation of web pages, a classic cross-site scripting (XSS) pattern.
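The pattern described above, reflecting a URL parameter into a page without neutralizing it, is shown here as an added example; it is generic illustration code, not SAP's handler or anything from this CVE's references. The hostname, path and parameter name in the constructed sample URL are assumptions. The block contrasts a reflecting handler that echoes the decoded parameter verbatim with one that HTML-encodes it, and adds the caveat practitioners usually want: entity encoding alone does not make a value safe in a URL-valued attribute, so an href needs a scheme allowlist as well.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample: a crafted link as it would be delivered to a victim.
# Host, path and the parameter name "q" are assumptions for this illustration,
# not identifiers from the affected SAP component.
SAMPLE_URL = (
    "https://srm.example.invalid/catalog"
    "?q=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E"
)


def extract_param(url: str, name: str) -> str:
    """Return the first value of a query parameter, percent-decoded.

    This mirrors what a server-side handler sees: the browser sends the
    percent-encoded link, the framework decodes it, and the handler receives
    the raw '<script>' text.
    """
    values = parse_qs(urlsplit(url).query).get(name, [])
    return values[0] if values else ""


def render_vulnerable(term: str) -> str:
    """CWE-79 pattern: user input concatenated into HTML with no encoding."""
    return f"<p>Results for {term}</p>"


def render_hardened(term: str) -> str:
    """Same page with the value encoded for an HTML text/attribute context.

    quote=True also encodes ' and ", so the result is safe inside a quoted
    attribute value as well as in element text.
    """
    return f"<p>Results for {html.escape(term, quote=True)}</p>"


def safe_href(value: str) -> str:
    """Encoding is not enough for URL-valued attributes.

    html.escape('javascript:alert(1)') is unchanged and still executes when
    placed in href. Allow only http(s) URLs with a host; anything else is
    replaced by an inert '#'.
    """
    parts = urlsplit(value.strip())
    if parts.scheme in ("http", "https") and parts.netloc:
        return html.escape(value, quote=True)
    return "#"


def reflects_unencoded(rendered: str, payload: str) -> bool:
    """Check used when testing a handler: does the decoded payload survive verbatim?"""
    return payload in rendered


if __name__ == "__main__":
    payload = extract_param(SAMPLE_URL, "q")
    print("decoded parameter :", payload)
    print("vulnerable output :", render_vulnerable(payload))
    print("hardened output   :", render_hardened(payload))
    print("href for javascript: URL ->", safe_href("javascript:alert(1)"))
    print("reflected unencoded (vulnerable):", reflects_unencoded(render_vulnerable(payload), payload))
    print("reflected unencoded (hardened)  :", reflects_unencoded(render_hardened(payload), payload))
```

The `reflects_unencoded` check is the same test a scanner or a unit test would apply to any reflecting endpoint: feed a marker string through the URL and look for it unchanged in the response body. A hit means the handler is doing what this CVE's description says the SICF handler did.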
Exploitation
Prerequisites
No authentication is required to trigger the vulnerability. The attacker only needs to lure a victim into clicking the specially crafted link, either through phishing, social engineering, or by embedding the link in a third-party website [1]. The attack does not require any special network position other than the ability to deliver the URL to the target.
Impact
Successful exploitation runs attacker-controlled script in the victim's browser within the SRM application's origin, so it executes with the victim's authenticated session. This can lead to unauthorized reading of sensitive information and to modification of data visible or accessible through that session. The confidentiality and integrity of the affected application are compromised, while availability remains unaffected [1].
Mitigation
SAP has released security patches for this issue as part of its regular Security Patch Day. Administrators should apply the relevant SAP Security Note without delay. No workaround is known, and the vulnerability does not appear on the CISA Known Exploited Vulnerabilities (KEV) catalog at the time of publication. Users are advised to follow SAP's standard patching procedures [1].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (2)
News mentions (0)
No linked articles in our index yet.