CVE-2026-0512 MEDIUM

CVE-2026-0512: Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog)

Vendor Sap_Se
Product SAP Supplier Relationship Management (SICF Handler in SRM Catalog)
Weakness CWE-79 · XSS
Published April 14, 2026
Last update April 14, 2026
View on NVD All CVEs

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL, that if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow the attacker to access and modify information, impacting the confidentiality and integrity of the application, while availability remains unaffected.

Key dates

02Disclosure timeline

April 14, 2026 CVE published
April 14, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-53701 XSS vulnerability in Vilar VS-IPC1002 IP cameras CVE-2024-44003 WordPress Spice Starter Sites plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability CVE-2022-0376 User Meta < 2.4.3 - Admin+ Stored Cross-Site Scripting CVE-2025-22638 WordPress Product Table For WooCommerce Plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability CVE-2024-12037 Frontend Content Forms for User Submissions (UGC) <= 2.8.13 - Authenticated (Contributor+) Stored Cross-Site Scripting