medium | 2026-05-12 | SAP NetWeaver | CVE-2026-27682

Reflected XSS in SAP NetWeaver Application Server ABAP

SAP NetWeaver Application Server ABAP

Our Take

Broad BASIS version coverage. XSS in a frequently used web component is a routine but real phishing vector. Patch in the next planned window.

Vulnerability Detail

Reflected cross-site scripting vulnerability in SAP NetWeaver AS ABAP. An attacker can craft a URL that, when accessed by a victim, executes scripts in the browser context of the victim.

Patch Action

Apply SAP Note 3728690.

Affected Versions

SAP_BASIS 700–918

Patch Info

CVSS Score

4.7

SAP Note

3728690

CVE

CVE-2026-27682

Published

2026-05-12

All content is editorial summary, not professional security advice. CVSS scores and SAP Note IDs are factual references. Patch timing is the responsibility of your security team based on your environment and SAP's official guidance.