CVE-2026-44749
Description
The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts (e.g., regex patterns) and revealing underlying URI parsing logic. This leads to a low impact on confidentiality. Integrity and availability are unaffected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SAP Gateway error message content injection allows attackers to leak request artifacts such as regex patterns, revealing URI parsing logic with low confidentiality impact.
Vulnerability
The SAP Gateway contains a content injection vulnerability in error message handling. An attacker can inject content into error responses, causing the disclosure of request artifacts such as regex patterns and revealing underlying URI parsing logic. This issue affects SAP Gateway systems as described in SAP Security Notes published on Patch Day [1]. No specific version numbers are provided in the available references.
Exploitation
An attacker requires network access to the SAP Gateway service. No authentication is required. By crafting a request with specially chosen values that trigger error responses, the attacker can inject content that is reflected back in the error message, thereby revealing internal processing details such as regex patterns and URI parsing logic.
Impact
Successful exploitation has a low impact on confidentiality, as reflected in the CVSS v3 score of 4.3 (Medium). The attacker gains insight into the Gateway's URI parsing logic and related request artifacts, which could aid in further attacks. Integrity and availability are not affected.
Mitigation
SAP has released security notes addressing this vulnerability as part of its regular SAP Security Patch Day [1]. Customers should apply the relevant SAP Security Notes for their Gateway installations. Affected systems should be updated to the latest support packages that include the fix as per SAP's maintenance strategy for low and medium severity notes [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
References (2)
News mentions (0)
No linked articles in our index yet.