1. Home
  2. CVE Database
  3. CVE-2026-27682
MEDIUM · 4.7

CVE-2026-27682

Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages), an unauthenticated attacker could craft a URL that e...

Vulnerability Description

Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages), an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the injected input is processed during web page generation, resulting in the execution of malicious content in the victim�s browser context. This could allow the attacker to access and/or modify information, impacting the confidentiality and integrity of the application, with no impact to availability.

CVSS Score

4.7

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2026-27682?

CVE-2026-27682 is a vulnerability with a CVSS score of 4.7 (MEDIUM). Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages), an unauthenticated attacker could craft a URL that e...

How severe is CVE-2026-27682?

CVE-2026-27682 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-27682?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.