CVE-2026-34257 PUBLISHED

Open Redirect vulnerability in SAP NetWeaver Application Server ABAP

Assigner: sap
Reserved: 26.03.2026 Published: 14.04.2026 Updated: 14.04.2026

Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to a page controlled by the attacker. This has a low impact on the confidentiality and integrity of the application and no impact on availability.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS Score: 6.1

Product Status

Vendor: SAP_SE
Product: SAP NetWeaver Application Server ABAP
Versions (default: unaffected):
  • Version SAP_BASIS 700 is affected
  • Version SAP_BASIS 701 is affected
  • Version SAP_BASIS 702 is affected
  • Version SAP_BASIS 731 is affected
  • Version SAP_BASIS 740 is affected
  • Version SAP_BASIS 750 is affected
  • Version SAP_BASIS 752 is affected
  • Version SAP_BASIS 753 is affected
  • Version SAP_BASIS 754 is affected
  • Version SAP_BASIS 755 is affected
  • Version SAP_BASIS 756 is affected
  • Version SAP_BASIS 757 is affected
  • Version SAP_BASIS 758 is affected
  • Version SAP_BASIS 816 is affected
