CVE-2026-44748 PUBLISHED

XML Signature Wrapping in SAML Authentication in SAP NetWeaver AS ABAP and ABAP Platform

Assigner: sap
Reserved: 07.05.2026 Published: 09.06.2026 Updated: 09.06.2026

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to unauthorized access to sensitive user data and potential disruption of normal system usage. This causes a high impact on confidentiality, integrity and availability of the application.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 9.9

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	SAP_SE
Product	SAP NetWeaver AS ABAP and ABAP Platform
Versions	Default: unaffected Version SAP_BASIS 702 is affected Version SAP_BASIS 731 is affected Version SAP_BASIS 740 is affected Version SAP_BASIS 750 is affected Version SAP_BASIS 751 is affected Version SAP_BASIS 752 is affected Version SAP_BASIS 753 is affected Version SAP_BASIS 754 is affected Version SAP_BASIS 755 is affected Version SAP_BASIS 756 is affected Version SAP_BASIS 757 is affected Version SAP_BASIS 758 is affected Version SAP_BASIS 816 is affected Version SAP_BASIS 918 is affected Version SAP_BASIS 919 is affected

CVE-2026-44748 PUBLISHED

XML Signature Wrapping in SAML Authentication in SAP NetWeaver AS ABAP and ABAP Platform

Metrics

Product Status

References

Problem Types