CVE-2026-34258 PUBLISHED

Content Spoofing vulnerability in SAPUI5 (Search UI)

Assigner: sap
Reserved: 26.03.2026 Published: 12.05.2026 Updated: 12.05.2026

SAPUI5 (Search UI) allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low impact on confidentiality with no effect on the integrity and availability of the application.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
CVSS Score: 4.7

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	None	Integrity Impact	None
User Interaction	Required	Availability Impact	None

CVSS 3.1

Product Status

Vendor	SAP_SE
Product	SAPUI5 (Search UI)
Versions	Default: unaffected Version SAPUI5 1.108 is affected Version 1.120 is affected Version 1.136 is affected Version 1.142 is affected Version 1.71 is affected Version 1.84 is affected Version 1.96 is affected

CVE-2026-34258 PUBLISHED

Content Spoofing vulnerability in SAPUI5 (Search UI)

Metrics

Product Status

References

Problem Types