CVE-2026-44749

4.3 MEDIUM

The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts (e.g., reg...

Published: 2026-05-26 · Last updated: 2026-05-26

Severity and scoring

CVSS: 4.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE: CWE-497

Description

The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts (e.g., regex patterns) and revealing underlying URI parsing logic. Leading to low impact on confidentiality. Integrity and availability are unaffected.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-44749
[Other]https://me.sap.com/notes/3433366
[Other]https://url.sap/sapsecuritypatchday

Related CVEs

Same CWE

CVE-2026-0466 — Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memory section, potent...
CVE-2026-44743 — Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive in... (3.7 LOW)
CVE-2026-49077 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve... (5.3 MEDIUM)
CVE-2018-25358 — D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configura... (7.5 HIGH)
CVE-2026-27349 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embe... (4.3 MEDIUM)