Unrated severityNVD Advisory· Published Feb 10, 2026· Updated Feb 10, 2026

CRLF Injection vulnerability in SAP NetWeaver Application Server Java

CVE-2026-23686

Description

Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated configuration, allowing manipulation of application-controlled settings. Successful exploitation leads to a low impact on integrity, while confidentiality and availability remain unaffected.

Affected products

SAP/Netweaver Application Server Javallm-fuzzy
SAP_SE/SAP NetWeaver Application Server Javav5
Range: LMNWABASICAPPS 7.50

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

me.sap.com/notes/3673213mitre
url.sap/sapsecuritypatchdaymitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000