Unrated severityNVD Advisory· Published Mar 10, 2026· Updated Mar 10, 2026

Server-Side Request Forgery (SSRF) in SAP NetWeaver Application Server for ABAP

CVE-2026-24316

Description

SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery (SSRF). Successful exploitation could lead to interaction with potentially sensitive internal endpoints, resulting in a low impact on data confidentiality and integrity. There is no impact on availability of the application.

Affected products

SAP/Netweaver Abap Application Serverllm-fuzzy
SAP_SE/SAP NetWeaver Application Server for ABAPv5
Range: SAP_BASIS 740

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

me.sap.com/notes/3689080mitre
url.sap/sapsecuritypatchdaymitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000