medium2026-07-14SAP NetWeaverCVE-2026-44759

Reflected XSS in SAP NetWeaver Enterprise Portal

SAP NetWeaver Enterprise Portal

Our Take

Enterprise Portal is broadly used as the frontend for legacy SAP applications. If your organisation still runs EP for user access to ABAP transactions, include this in the next planned window.

Vulnerability Detail

Reflected cross-site scripting vulnerability in URL parameters of SAP NetWeaver Enterprise Portal. An attacker can craft a malicious URL that, when visited by an authenticated portal user, executes scripts in the victim's browser context, enabling session hijacking or credential theft.

Patch Action

Apply SAP Note 3746678. Verify affected versions in the official SAP Note.

Patch Info

CVSS Score

6.1

SAP Note

3746678

CVE

CVE-2026-44759

Published

2026-07-14

← All patches