medium2026-06-09SAP FioriCVE-2026-24315

Path Traversal in SAP Fiori Launchpad

SAP Fiori Launchpad

Our Take

The Fiori Launchpad is the face of modern SAP for end users — it's broadly deployed and regularly accessed. Path traversal is a lower-severity finding here, but the wide user base increases the attack surface. Include in your next Fiori or SAP_UI update cycle.

Vulnerability Detail

A path traversal vulnerability in the SAP Fiori Launchpad allows an authenticated attacker to manipulate file path parameters to access resources outside the intended directory scope. Exploiting this flaw could expose configuration files or internal application data.

Patch Action

Apply SAP Note 3682699.

Affected Versions

SAP_UI 754

755

756

757

758; FIORI2 200

Patch Info

CVSS Score

4.2

SAP Note

3682699 ↗

CVE

CVE-2026-24315

Published

2026-06-09

All content is editorial summary, not professional security advice. CVSS scores and SAP Note IDs are factual references. Patch timing is the responsibility of your security team based on your environment and SAP's official guidance.

← All patches