CVE-2026-24320
Undergoing Analysis Undergoing Analysis - In Progress

Memory Corruption in SAP NetWeaver ABAP via Improper Input Handling

Vulnerability report for CVE-2026-24320, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-10

Last updated on: 2026-02-17

Assigner: SAP SE

Description

Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may result in memory corruption and the potential leakage of memory content. Successful exploitation of this vulnerability would have a low impact on the confidentiality of the application, with no effect on its integrity or availability.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-10
Last Modified
2026-02-17
Generated
2026-07-06
AI Q&A
2026-02-10
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 11 associated CPEs
Vendor Product Version / Range
sap netweaver_as_abap_krnl64uc 7.22
sap netweaver_as_abap_kernel 7.22
sap netweaver_as_abap_kernel 7.77
sap netweaver_as_abap_krnl64nuc 7.22ext
sap netweaver_as_abap_krnl64nuc 7.22
sap netweaver_as_abap_kernel 7.89
sap netweaver_as_abap_kernel 7.54
sap netweaver_as_abap_kernel 7.93
sap netweaver_as_abap_kernel 9.16
sap netweaver_as_abap_kernel 9.17
sap netweaver_as_abap_kernel 9.18

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-113 The product receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP). An authenticated attacker can exploit logical errors in how memory is managed by providing specially crafted input containing unique characters that are improperly converted. This can lead to memory corruption and potentially cause leakage of memory content.

Impact Analysis

Successful exploitation of this vulnerability may result in a low impact on the confidentiality of the application by leaking some memory content. However, it does not affect the integrity or availability of the application.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24320. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart