Skip to main content

SAP Approuter EUVDEUVD-2026-43585

| CVE-2026-44745 HIGH
URL Redirection to Untrusted Site (Open Redirect) (CWE-601)
2026-07-14 sap GHSA-44p5-3m5g-vfhj
8.1
CVSS 3.1 · Vendor: sap
Share

Severity by source

Vendor (sap) PRIMARY
8.1 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
vuln.today AI
8.1 HIGH

Network-reachable, low-complexity, unauthenticated open redirect in the OAuth2 flow requiring a victim click (UI:R); token/code theft yields high C and I, no availability impact.

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (sap).

CVSS VectorVendor: sap

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

3
Patch available
Jul 14, 2026 - 05:17 EUVD
Analysis Generated
Jul 14, 2026 - 01:16 vuln.today
CVE Published
Jul 14, 2026 - 00:18 cve.org
HIGH 8.1

DescriptionCVE.org

SAP Approuter does not properly validate incoming request headers during the OAuth2 login flow under certain configurations. This allows an unauthenticated remote attacker to craft a malicious link which, when clicked by a victim, could lead to unauthorized access. Successful exploitation results in a high impact to the confidentiality and integrity with no impact on the availability of the application.

AnalysisAI

Unauthorized access in SAP Approuter arises because the component fails to validate incoming request headers during the OAuth2 login flow under certain configurations (CWE-601, open redirect). An unauthenticated remote attacker who lures a victim into clicking a crafted link can hijack the authentication flow to gain high-confidentiality and high-integrity access to the application. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious OAuth2 login link with spoofed headers
Delivery
Deliver link to victim via phishing
Exploit
Victim clicks and authenticates at Approuter
Execution
Redirect/auth code steered to attacker
Impact
Gain unauthorized access to application

Vulnerability AssessmentAI

Exploitation Exploitation requires that SAP Approuter be running in one of the vulnerable 'certain configurations' of the OAuth2 login flow where incoming request headers are not validated - i.e., the OAuth2/XSUAA-backed login path must be enabled and reachable. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N (8.1, High) describes a network-reachable, low-complexity, unauthenticated attack whose single gating factor is user interaction - the victim must click the malicious link. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a link to a legitimate SAP Approuter-fronted application that embeds manipulated headers/parameters influencing the OAuth2 redirect, then delivers it to a targeted user via phishing email or chat. When the authenticated victim clicks the link and completes the OAuth2 login, Approuter redirects the flow (or leaks the authorization code) to an attacker-controlled destination, letting the attacker obtain unauthorized access to the application with the victim's context. …
Remediation Patch available per vendor advisory: apply the fix described in SAP Security Note 3741519 (https://me.sap.com/notes/3741519) and cross-check the SAP Security Patch Day page (https://url.sap/sapsecuritypatchday) for the exact patched Approuter release, then upgrade the @sap/approuter dependency to that version; the note lists the specific fixed version, which is not reproduced in the input data. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, identify all SAP Approuter instances in your environment and assess which business applications depend on them; notify application owners, security teams, and BTP platform administrators of the vulnerability. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2017-1000117 HIGH POC
8.8 Oct 05

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL ca

CVE-2024-52875 HIGH POC
8.8 Jan 31

GFI Kerio Control versions 9.2.5 through 9.4.5 contain an HTTP response splitting vulnerability in the dest parameter of

CVE-2016-5385 HIGH POC
8.1 Jul 19

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect

CVE-2013-2248 MEDIUM POC
5.8 Jul 20

Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to

CVE-2012-6499 MEDIUM POC
5.8 Jan 12

Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows

CVE-2015-2863 MEDIUM POC
4.3 Jul 20

Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 b

CVE-2017-3528 MEDIUM POC
5.4 Apr 24

Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (li

CVE-2012-0518 MEDIUM
4.7 Oct 16

Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3

CVE-2024-21641 MEDIUM POC
6.5 Jan 05

Flarum is open source discussion platform software. Rated medium severity (CVSS 6.5), this vulnerability is remotely exp

CVE-2015-5354 MEDIUM POC
5.8 Jul 01

Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites

CVE-2015-5461 MEDIUM POC
6.4 Jul 08

Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for

CVE-2024-22891 CRITICAL POC
9.8 Mar 01

Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link. Rated crit

Share

EUVD-2026-43585 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy