High severity8.8NVD Advisory· Published Feb 10, 2026· Updated Jun 9, 2026
CVE-2026-23687
CVE-2026-23687
Description
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data and potential disruption of normal system usage.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21cpe:2.3:a:sap:sap_basis:700:*:*:*:*:*:*:*+ 17 more
- cpe:2.3:a:sap:sap_basis:700:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sap_basis:701:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sap_basis:702:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sap_basis:731:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sap_basis:740:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sap_basis:750:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sap_basis:751:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sap_basis:752:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sap_basis:753:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sap_basis:754:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sap_basis:755:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sap_basis:756:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sap_basis:757:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sap_basis:758:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sap_basis:804:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sap_basis:916:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sap_basis:917:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sap_basis:918:*:*:*:*:*:*:*
- Range: SAP_BASIS 700
Patches
Vulnerability mechanics
References
3- url.sap/sapsecuritypatchdaynvdVendor Advisory
- me.sap.com/notes/3697567nvdPermissions Required
- seclists.org/fulldisclosure/2026/Jun/1nvd
News mentions
0No linked articles in our index yet.