SAP
CVE-2026-27685
CRITICAL
Severity by source
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged user uploads untrusted or malicious content that, upon deserialization, could result in a high impact on the confidentiality, integrity, and availability of the host system.
AnalysisAI
SAP NetWeaver Enterprise Portal Administration has an insecure deserialization vulnerability allowing privileged users to execute code through uploaded files.
Technical ContextAI
SAP NetWeaver Enterprise Portal Administration has a CWE-502 deserialization vulnerability exploitable by privileged users through file uploads.
Affected ProductsAI
SAP NetWeaver Enterprise Portal Administration
RemediationAI
Apply SAP patches. Validate uploaded file formats.
Same weakness CWE-502 – Deserialization of Untrusted Data
View allSame technique Deserialization
View allShare
External POC / Exploit Code
Leaving vuln.today