CVE-2026-0508 HIGH

CVE-2026-0508: Open Redirect vulnerability in SAP BusinessObjects Business Intelligence Platform

Vendor Sap_Se

Product SAP BusinessObjects Business Intelligence Platform

Weakness CWE-601 · Open redirect

Published February 10, 2026

Last update February 26, 2026

View on NVD All CVEs

CVSS base score

7.3/10

Attack vector Network

Attack complexity High

Privileges required High

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert malicious URL within the application. Upon successful exploitation, the victim may click on this malicious URL, resulting in an unvalidated redirect to the attacker-controlled domain and subsequently download the malicious content. This vulnerability has a high impact on the confidentiality and integrity of the application, with no effect on the availability of the application.

Key dates

02Disclosure timeline

February 10, 2026 CVE published

February 26, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-0508 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/601.html

Related vulnerabilities

Identifiers

CVE CVE-2026-0508

CWE CWE-601

CVSS 7.3 / HIGH

Affected versions

Vendor Sap_Se

Product SAP BusinessObjects Business Intelligence Platform

Affected ENTERPRISE 430

Vendor Sap_Se

Product SAP BusinessObjects Business Intelligence Platform

Affected 2025

Vendor Sap_Se

Product SAP BusinessObjects Business Intelligence Platform

Affected 2027

CVE-2026-0508: Open Redirect vulnerability in SAP BusinessObjects Business Intelligence Platform

01Description

02Disclosure timeline

03References

04Related CVE