CVE-2026-24320

Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may result in memory corruption and the potential leakage of memory content. Successful exploitation of this vulnerability would have a low impact on the confidentiality of the application, with no effect on its integrity or availability.

CVSS v3 3.1 LOW

3.1^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.6 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3678313	Permissions Required
https://url.sap/sapsecuritypatchday	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:netweaver_as_abap_kernel:7.22:::::::*
	cpe:2.3:a:sap:netweaver_as_abap_kernel:7.54:::::::*
	cpe:2.3:a:sap:netweaver_as_abap_kernel:7.77:::::::*
	cpe:2.3:a:sap:netweaver_as_abap_kernel:7.89:::::::*
	cpe:2.3:a:sap:netweaver_as_abap_kernel:7.93:::::::*
	cpe:2.3:a:sap:netweaver_as_abap_kernel:9.16:::::::*
	cpe:2.3:a:sap:netweaver_as_abap_kernel:9.17:::::::*
	cpe:2.3:a:sap:netweaver_as_abap_kernel:9.18:::::::*
	cpe:2.3:a:sap:netweaver_as_abap_krnl64nuc:7.22:::::::*
	cpe:2.3:a:sap:netweaver_as_abap_krnl64nuc:7.22ext:::::::*
	cpe:2.3:a:sap:netweaver_as_abap_krnl64uc:7.22:::::::*

History

No history.

Information

Published : 2026-02-10 04:16

Updated : 2026-02-17 15:27

NVD link : CVE-2026-24320

Mitre link : CVE-2026-24320

CVE.ORG link : CVE-2026-24320

JSON object : View

Products Affected

sap

netweaver_as_abap_kernel
netweaver_as_abap_krnl64nuc
netweaver_as_abap_krnl64uc

CWE

CWE-113

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

CWE-787

Out-of-bounds Write

{"id": "CVE-2026-24320", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.6}]}, "published": "2026-02-10T04:16:03.990", "references": [{"url": "https://me.sap.com/notes/3678313", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-113"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may result in memory corruption and the potential leakage of memory content. Successful exploitation of this vulnerability would have a low impact on the confidentiality of the application, with no effect on its integrity or availability."}, {"lang": "es", "value": "Debido a una gesti\u00f3n de memoria inadecuada en SAP NetWeaver y ABAP Platform (Servidor de Aplicaciones ABAP), un atacante autenticado podr\u00eda explotar errores l\u00f3gicos en la gesti\u00f3n de memoria al proporcionar una entrada especialmente dise\u00f1ada que contiene caracteres \u00fanicos, los cuales se convierten de forma incorrecta. Esto podr\u00eda resultar en corrupci\u00f3n de memoria y la posible fuga de contenido de la memoria. La explotaci\u00f3n exitosa de esta vulnerabilidad tendr\u00eda un bajo impacto en la confidencialidad de la aplicaci\u00f3n, sin efecto en su integridad o disponibilidad."}], "lastModified": "2026-02-17T15:27:30.400", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_as_abap_kernel:7.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE603A80-8FF0-4180-9E11-C468AE2441C7"}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_kernel:7.54:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F5D31D3-B2B2-4347-B8DF-D06056289598"}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_kernel:7.77:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50570852-982E-40CA-B391-3FB8B9373F78"}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_kernel:7.89:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8B74AD9-A83E-45DD-96C2-4F3C8C8C6AE6"}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_kernel:7.93:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "237DBA4A-B5A9-48C9-B6A3-D293BB66EF69"}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_kernel:9.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3668B2D9-0A4C-43F5-B248-9A6438AF7D71"}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_kernel:9.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB41121A-3D27-460C-A9AF-A1573F1F4568"}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_kernel:9.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BC9779B-7571-44F7-BCCC-6BF2834ED779"}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_krnl64nuc:7.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02507EB2-8776-4EA9-9164-B2F6AD911B59"}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_krnl64nuc:7.22ext:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7867ADA5-47AA-48DD-9CAC-D3ACB5713CB3"}, {"criteria": "cpe:2.3:a:sap:netweaver_as_abap_krnl64uc:7.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5E3292A-7311-4821-A52E-8FB4A1449D44"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}