CVE-2026-23686

Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated configuration, allowing manipulation of application-controlled settings. Successful exploitation leads to a low impact on integrity, while confidentiality and availability remain unaffected.

CVSS v3 3.4 LOW

3.4^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.7 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://me.sap.com/notes/3673213	Permissions Required
https://url.sap/sapsecuritypatchday	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-02-10 04:16

Updated : 2026-02-17 16:03

NVD link : CVE-2026-23686

Mitre link : CVE-2026-23686

CVE.ORG link : CVE-2026-23686

JSON object : View

Products Affected

sap

netweaver_application_server_java

CWE

CWE-113

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

CWE-436

Interpretation Conflict

{"id": "CVE-2026-23686", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.4, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.7}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.4, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.7}]}, "published": "2026-02-10T04:16:03.013", "references": [{"url": "https://me.sap.com/notes/3673213", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-113"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-436"}]}], "descriptions": [{"lang": "en", "value": "Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated configuration, allowing manipulation of application-controlled settings. Successful exploitation leads to a low impact on integrity, while confidentiality and availability remain unaffected."}, {"lang": "es", "value": "Debido a una vulnerabilidad de inyecci\u00f3n CRLF en SAP NetWeaver Servidor de Aplicaciones Java, un atacante autenticado con acceso administrativo podr\u00eda enviar contenido especialmente dise\u00f1ado a la aplicaci\u00f3n. Si es procesado por la aplicaci\u00f3n, este contenido permite la inyecci\u00f3n de entradas no confiables en la configuraci\u00f3n generada, lo que permite la manipulaci\u00f3n de configuraciones controladas por la aplicaci\u00f3n. La explotaci\u00f3n exitosa conlleva a un bajo impacto en la integridad, mientras que la confidencialidad y la disponibilidad no se ven afectadas."}], "lastModified": "2026-02-17T16:03:09.107", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C506445-3787-4BFF-A98B-7502A0F7CF80"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}