CVE-2026-44748
CriticalCVSS 9.9Summary
SAP NetWeaver Application Server ABAP and ABAP Platform allow an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may lead to acceptance of tampered identity information, resulting in unauthorized access to sensitive user data.
Risk Assessment
This vulnerability may compromise the confidentiality, integrity, and availability of the application, posing a significant threat to the organization.
Recommendation
It is recommended to implement additional verification mechanisms and monitor system access to minimize the risk of unauthorized access.
Original NVD description (English source)
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to unauthorized access to sensitive user data and potential disruption of normal system usage. This causes a high impact on confidentiality, integrity and availability of the application.

