CVE-2026-0514 — MEDIUM (6.1)

Vulnerability Description

Due to a Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious link. When an unsuspecting user clicks this link, the user may be redirected to a site controlled by the attacker. Successful exploitation could allow the attacker to access or modify information related to the webclient, impacting confidentiality and integrity, with no effect on availability.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Sap	Business Connector	4.8

Related Weaknesses (CWE)

CWE-79

References

https://me.sap.com/notes/3666061Permissions Required
https://url.sap/sapsecuritypatchdayVendor Advisory

FAQ

What is CVE-2026-0514?

CVE-2026-0514 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Due to a Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious link. When an unsuspecting user clicks this link, the user may be redir...

How severe is CVE-2026-0514?

CVE-2026-0514 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-0514?

Check the references section above for vendor advisories and patch information. Affected products include: Sap Business Connector.