VYPR
High severity8.8NVD Advisory· Published Feb 10, 2026· Updated Jun 9, 2026

CVE-2026-23687

CVE-2026-23687

Description

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data and potential disruption of normal system usage.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

21
  • SAP/BASIS18 versions
    cpe:2.3:a:sap:sap_basis:700:*:*:*:*:*:*:*+ 17 more
    • cpe:2.3:a:sap:sap_basis:700:*:*:*:*:*:*:*
    • cpe:2.3:a:sap:sap_basis:701:*:*:*:*:*:*:*
    • cpe:2.3:a:sap:sap_basis:702:*:*:*:*:*:*:*
    • cpe:2.3:a:sap:sap_basis:731:*:*:*:*:*:*:*
    • cpe:2.3:a:sap:sap_basis:740:*:*:*:*:*:*:*
    • cpe:2.3:a:sap:sap_basis:750:*:*:*:*:*:*:*
    • cpe:2.3:a:sap:sap_basis:751:*:*:*:*:*:*:*
    • cpe:2.3:a:sap:sap_basis:752:*:*:*:*:*:*:*
    • cpe:2.3:a:sap:sap_basis:753:*:*:*:*:*:*:*
    • cpe:2.3:a:sap:sap_basis:754:*:*:*:*:*:*:*
    • cpe:2.3:a:sap:sap_basis:755:*:*:*:*:*:*:*
    • cpe:2.3:a:sap:sap_basis:756:*:*:*:*:*:*:*
    • cpe:2.3:a:sap:sap_basis:757:*:*:*:*:*:*:*
    • cpe:2.3:a:sap:sap_basis:758:*:*:*:*:*:*:*
    • cpe:2.3:a:sap:sap_basis:804:*:*:*:*:*:*:*
    • cpe:2.3:a:sap:sap_basis:916:*:*:*:*:*:*:*
    • cpe:2.3:a:sap:sap_basis:917:*:*:*:*:*:*:*
    • cpe:2.3:a:sap:sap_basis:918:*:*:*:*:*:*:*
  • Range: SAP_BASIS 700

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.