CVE-2026-24320
Undergoing Analysis Undergoing Analysis - In Progress
Memory Corruption in SAP NetWeaver ABAP via Improper Input Handling

Publication date: 2026-02-10

Last updated on: 2026-02-17

Assigner: SAP SE

Description
Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may result in memory corruption and the potential leakage of memory content. Successful exploitation of this vulnerability would have a low impact on the confidentiality of the application, with no effect on its integrity or availability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-10
Last Modified
2026-02-17
Generated
2026-05-27
AI Q&A
2026-02-10
EPSS Evaluated
2026-05-25
NVD
CVE-2026-24320
EUVD
EUVD-2026-6470
Affected Vendors & Products
Showing 11 associated CPEs
Vendor Product Version / Range
sap netweaver_as_abap_krnl64uc 7.22
sap netweaver_as_abap_kernel 7.22
sap netweaver_as_abap_kernel 7.77
sap netweaver_as_abap_krnl64nuc 7.22ext
sap netweaver_as_abap_krnl64nuc 7.22
sap netweaver_as_abap_kernel 7.89
sap netweaver_as_abap_kernel 7.54
sap netweaver_as_abap_kernel 7.93
sap netweaver_as_abap_kernel 9.16
sap netweaver_as_abap_kernel 9.17
sap netweaver_as_abap_kernel 9.18
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-113 The product receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP). An authenticated attacker can exploit logical errors in how memory is managed by providing specially crafted input containing unique characters that are improperly converted. This can lead to memory corruption and potentially cause leakage of memory content.


How can this vulnerability impact me? :

Successful exploitation of this vulnerability may result in a low impact on the confidentiality of the application by leaking some memory content. However, it does not affect the integrity or availability of the application.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart