medium | 2026-05-12 | SAP NetWeaver | CVE-2026-40129

Code Injection in SAP Application Server ABAP

SAP Application Server ABAP

Our Take

Code injection is always worth addressing — the medium CVSS reflects limited exploit conditions, not low intrinsic risk. Next window.

Vulnerability Detail

A code injection vulnerability in SAP Application Server ABAP affects a broad range of BASIS versions. Under specific conditions, it allows an attacker to inject and execute arbitrary code.

Patch Action

Apply SAP Note 3735359.

Affected Versions

SAP_BASIS 740–816

Patch Info

CVSS Score

4.3

SAP Note

3735359

CVE

CVE-2026-40129

Published

2026-05-12

All content is editorial summary, not professional security advice. CVSS scores and SAP Note IDs are factual references. Patch timing is the responsibility of your security team based on your environment and SAP's official guidance.