Skip to main content

Ui5 Webcomponents Base

1 CVEs product

Monthly

CVE-2026-44767 MEDIUM PATCH This Month

CSS stylesheet injection in SAP @ui5/webcomponents-base allows unauthenticated remote attackers to load arbitrary cross-origin stylesheets into victim pages by bypassing the sap-allowed-theme-origins allowlist enforcement inside setThemeRoot(). The ?sap-themeRoot URL query parameter is a direct delivery vector, making socially-engineered exploitation trivial - no authentication is required from the attacker (CVSS PR:N), only a victim page load (UI:R). Successful exploitation enables UI redressing, clickjacking, phishing overlays, visual defacement, and limited CSS attribute-selector-based data exfiltration; no public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

SAP Authentication Bypass Ui5 Webcomponents Base
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

CSS stylesheet injection in SAP @ui5/webcomponents-base allows unauthenticated remote attackers to load arbitrary cross-origin stylesheets into victim pages by bypassing the sap-allowed-theme-origins allowlist enforcement inside setThemeRoot(). The ?sap-themeRoot URL query parameter is a direct delivery vector, making socially-engineered exploitation trivial - no authentication is required from the attacker (CVSS PR:N), only a victim page load (UI:R). Successful exploitation enables UI redressing, clickjacking, phishing overlays, visual defacement, and limited CSS attribute-selector-based data exfiltration; no public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

SAP Authentication Bypass Ui5 Webcomponents Base
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy