Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from Vendor (sap) · only source for this CVE.
CVSS VectorVendor: sap
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
SAP NetWeaver Application Server ABAP allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could lead to unauthorized data access, modification, or system unavailability. This has high impact on confidentiality, integrity, and availability of the application.
Articles & Coverage 1
AnalysisAI
Memory corruption in SAP NetWeaver Application Server ABAP lets an authenticated attacker exploit logical flaws in memory management (an out-of-bounds write) to read or alter data and crash the system, with high impact on confidentiality, integrity, and availability. SAP rates it CVSS 9.9 with a changed scope, meaning a low-privileged user can affect components beyond their own authorization boundary. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Recommended ActionAI
Within 24 hours, identify and catalog all production and development SAP NetWeaver ABAP instances, audit which users hold authentication credentials, and revoke or strictly limit access permissions for non-critical accounts; simultaneously activate detailed logging of database transactions and system-level API calls to generate forensic evidence if exploitation occurs. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43586
GHSA-wpx3-vvrc-3w8m