216.73.217.64

CVE-2026-40135

· Published 12/05/2026 03:16 · Modified 12/05/2026 14:19

Labels: CVE-2026-40135 2026-05-12CVE-2026-40135CWE-77[email protected]

Essential information

Published
12/05/2026 03:16
Modified
12/05/2026 14:19
Author
Creator
CVSS
6.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CVSS metrics

Description

An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of unintended OS commands without detection, potentially impacting the integrity and availability of the application, with no impact on confidentiality.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
sap / sap netweaver application server cpe:2.3:a:sap:sap_netweaver_application_server:*:*:*:*:*:*:*:*
sap / abap platform cpe:2.3:a:sap:abap_platform:*:*:*:*:*:*:*:*

References