CVE-2026-44749 MEDIUM

CVE-2026-44749: Information Disclosure vulnerability in SAP Gateway

Vendor Sap_Se
Product SAP Gateway
Weakness CWE-497
Published May 26, 2026
Last update May 26, 2026

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts (e.g., regex patterns) and revealing underlying URI parsing logic. Leading to low impact on confidentiality. Integrity and availability are unaffected.

Key dates

02Disclosure timeline

May 26, 2026 CVE published
May 26, 2026 Record updated