medium2026-05-12SAPUI5CVE-2026-34258

Content Spoofing in SAPUI5 Search UI

SAPUI5 Search UI

Our Take

Extremely broad SAPUI5 version range — affects virtually every Fiori-enabled landscape. Low severity but high reach. Include in your next Fiori or UI5 update cycle.

Vulnerability Detail

Content spoofing vulnerability in the SAPUI5 Search UI component allows an attacker to craft URLs that display misleading content within the search interface, potentially used as a phishing vector.

Patch Action

Apply SAP Note 3726583.

Affected Versions

SAPUI5 1.71–1.142

Patch Info

CVSS Score

4.7

SAP Note

3726583 ↗

CVE

CVE-2026-34258

Published

2026-05-12

All content is editorial summary, not professional security advice. CVSS scores and SAP Note IDs are factual references. Patch timing is the responsibility of your security team based on your environment and SAP's official guidance.

← All patches