medium2026-07-14SAP NetWeaverCVE-2026-44760

Cross-Site Scripting in SAP NetWeaver AS ABAP Business Server Pages

SAP NetWeaver AS ABAP (Business Server Pages)

Our Take

BSP is used in legacy web applications across many SAP modules. Standard planned window — bundle with other BASIS-level patches.

Vulnerability Detail

Cross-site scripting vulnerability in the Business Server Pages (BSP) component of SAP NetWeaver AS ABAP. An attacker can craft a URL targeting a BSP application that, when visited by an authenticated user, executes scripts in the victim's browser context.

Patch Action

Apply SAP Note 3754659. Verify affected versions in the official SAP Note.

Patch Info

CVSS Score

4.7

SAP Note

3754659

CVE

CVE-2026-44760

Published

2026-07-14

← All patches