CVE-2026-24328 MEDIUM

CVE-2026-24328: Open Redirection vulnerability in Business Server Pages Application (TAF_APPLAUNCHER)

Vendor Sap_Se

Product Business Server Pages Application (TAF_APPLAUNCHER)

Weakness CWE-601 · Open redirect

Published February 10, 2026

Last update February 10, 2026

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

SAP TAF_APPLAUNCHER within Business Server Pages allows unauthenticated attacker to craft malicious links that, when clicked by a victim, redirect them to attacker?controlled sites, potentially exposing or altering sensitive information in the victim�s browser. This results in a low impact on confidentiality and integrity, with no impact on the availability of the application.

Key dates

02Disclosure timeline

February 10, 2026 CVE published

February 10, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-24328

Related vulnerabilities

Identifiers

CVE CVE-2026-24328

CWE CWE-601

CVSS 6.1 / MEDIUM

Affected versions

Vendor Sap_Se

Product Business Server Pages Application (TAF_APPLAUNCHER)

Affected ST-PI 2008_1_700

Vendor Sap_Se

Product Business Server Pages Application (TAF_APPLAUNCHER)

Affected 2008_1_710

Vendor Sap_Se

Product Business Server Pages Application (TAF_APPLAUNCHER)

Affected 740

Vendor Sap_Se

Product Business Server Pages Application (TAF_APPLAUNCHER)

Affected 758

CVE-2026-24328: Open Redirection vulnerability in Business Server Pages Application (TAF_APPLAUNCHER)

01Description

02Disclosure timeline

03References

04Related CVE