Skip to main content

SAP CVE-2026-27685

CRITICAL
Deserialization of Untrusted Data (CWE-502)
2026-03-10 cna@sap.com
9.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Mar 10, 2026 - 17:38 nvd
CRITICAL 9.1

DescriptionCVE.org

SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged user uploads untrusted or malicious content that, upon deserialization, could result in a high impact on the confidentiality, integrity, and availability of the host system.

AnalysisAI

SAP NetWeaver Enterprise Portal Administration has an insecure deserialization vulnerability allowing privileged users to execute code through uploaded files.

Technical ContextAI

SAP NetWeaver Enterprise Portal Administration has a CWE-502 deserialization vulnerability exploitable by privileged users through file uploads.

Affected ProductsAI

SAP NetWeaver Enterprise Portal Administration

RemediationAI

Apply SAP patches. Validate uploaded file formats.

Share

CVE-2026-27685 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy