CVE-2026-24316 MEDIUM

CVE-2026-24316: Server-Side Request Forgery (SSRF) in SAP NetWeaver Application Server for ABAP

Vendor Sap_Se
Product SAP NetWeaver Application Server for ABAP
Weakness CWE-918 · SSRF
Published March 10, 2026
Last update March 10, 2026
View on NVD All CVEs

CVSS base score

6.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery (SSRF). Successful exploitation could lead to interaction with potentially sensitive internal endpoints, resulting in a low impact on data confidentiality and integrity. There is no impact on availability of the application.

Key dates

02Disclosure timeline

March 10, 2026 CVE published
March 10, 2026 Record updated