VYPR
Low severity3.1NVD Advisory· Published May 14, 2026· Updated Jun 3, 2026

CVE-2026-27680

CVE-2026-27680

Description

Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS) data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result, the issue has a low impact on confidentiality, while integrity and availability are not impacted.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • cpe:2.3:a:sap:netweaver_application_server_abap:758:*:*:*:sap_ui:*:*:*+ 2 more
    • cpe:2.3:a:sap:netweaver_application_server_abap:758:*:*:*:sap_ui:*:*:*
    • cpe:2.3:a:sap:netweaver_application_server_abap:816:*:*:*:*:*:*:*
    • (no CPE)

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.