CVE-2026-0510 LOW

CVE-2026-0510: Obsolete Encryption Algorithm Used in NW AS Java UME User Mapping

Vendor Sap_Se

Product NW AS Java UME User Mapping

Weakness CWE-326 · Weak encryption

Published January 13, 2026

Last update January 13, 2026

View on NVD All CVEs

CVSS base score

3.0/10

Attack vector Network

Attack complexity High

Privileges required High

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

Description

The User Management Engine (UME) in NetWeaver Application Server for Java (NW AS Java) utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. This weakness could allow an attacker with high-privileged access to exploit the vulnerability under specific conditions potentially leading to partial disclosure of sensitive information.This has low impact on confidentiality with no impact on integrity and availability of the application.

Key dates

Disclosure timeline

January 13, 2026 CVE published

January 13, 2026 Record updated

Identifiers

CVE CVE-2026-0510

CWE CWE-326

CVSS 3.0 / LOW

Affected versions

Vendor Sap_Se

Product NW AS Java UME User Mapping

Affected ENGINEAPI 7.50

Vendor Sap_Se

Product NW AS Java UME User Mapping

Affected SERVERCORE 7.50

Vendor Sap_Se

Product NW AS Java UME User Mapping

Affected UMEADMIN 7.50