SecuriTricks - CVE-2026-24320

Description

Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may result in memory corruption and the potential leakage of memory content. Successful exploitation of this vulnerability would have a low impact on the confidentiality of the application, with no effect on its integrity or availability.

Product(s) Impacted

Vendor	Product	Versions
Sap	Netweaver Abap Platform	* *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-113

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

The product receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	sap	netweaver	/	/	/	/	/	/	/	/
a	sap	abap_platform	/	/	/	/	/	/	/	/

References

https://me.sap.com/notes/3678313

https://url.sap/sapsecuritypatchday

CVSS Score

3.1 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

View Vector String

Timeline

Published: Feb. 10, 2026, 4:16 a.m.
Last Modified: Feb. 10, 2026, 3:22 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

CVE-2026-24320