Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
SAPUI5 (Search UI) allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low impact on confidentiality with no effect on the integrity and availability of the application.
AnalysisAI
SAPUI5 Search UI allows unauthenticated attackers to manipulate URL parameters to inject malicious content, potentially deceiving users into accessing attacker-controlled pages. The vulnerability requires user interaction (clicking a crafted link) and has low confidentiality impact with no effect on integrity or availability. No active exploitation has been confirmed at the time of this analysis.
Technical ContextAI
SAPUI5 is SAP's UI development framework built on OpenUI5. The Search UI component is vulnerable to insufficient URL parameter sanitization, allowing an attacker to inject arbitrary content into pages rendered by the application. This falls under CWE-451 (User Interface (UI) Misrepresentation of Critical Information), which covers cases where UI elements are manipulated to mislead users. The vulnerability affects the SAPUI5 Search UI across all versions indicated by the CPE (cpe:2.3:a:sap_se:sapui5_(search_ui):*:*:*:*:*:*:*:*), suggesting the flaw is systemic to the component rather than version-specific.
RemediationAI
Organizations should apply patches released by SAP as detailed in SAP Note 3726583 and SAP Security Patch Day (https://url.sap/sapsecuritypatchday). Since this is a UI parameter injection vulnerability, the patch likely includes input validation and encoding of URL parameters before rendering in the Search UI. Until patching is possible, implement compensating controls such as Content Security Policy (CSP) headers to restrict script execution from injected content, validate all user-supplied URL parameters on the client side, and educate users to verify URL authenticity before clicking links that access the Search UI. Note that CSP implementation may impact application functionality if not carefully scoped, and client-side validation alone is insufficient against sophisticated attackers who can craft HTTPS URLs. No workarounds have been identified in the available intelligence; patching is the primary remediation path.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29368
GHSA-jv4p-cjwp-g497