CVE-2026-24316
Analyzed Analyzed - Analysis Complete
SSRF Vulnerability in SAP NetWeaver ABAP Report Risks Data Exposure

Publication date: 2026-03-10

Last updated on: 2026-06-03

Assigner: SAP SE

Description
SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery (SSRF). Successful exploitation could lead to interaction with potentially sensitive internal endpoints, resulting in a low impact on data confidentiality and integrity. There is no impact on availability of the application.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-10
Last Modified
2026-06-03
Generated
2026-06-16
AI Q&A
2026-03-10
EPSS Evaluated
2026-06-15
NVD
CVE-2026-24316
EUVD
EUVD-2026-10451
Affected Vendors & Products
Showing 11 associated CPEs
Vendor Product Version / Range
sap netweaver_application_server_abap 740
sap netweaver_application_server_abap 750
sap netweaver_application_server_abap 752
sap netweaver_application_server_abap 753
sap netweaver_application_server_abap 754
sap netweaver_application_server_abap 755
sap netweaver_application_server_abap 756
sap netweaver_application_server_abap 757
sap netweaver_application_server_abap 758
sap netweaver_application_server_abap 816
sap netweaver_application_server_abap 918
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the SAP NetWeaver Application Server for ABAP, specifically in an ABAP Report designed for testing purposes. The report allows sending HTTP requests to arbitrary internal or external endpoints, which makes it vulnerable to Server-Side Request Forgery (SSRF).

An attacker exploiting this vulnerability could cause the server to interact with internal endpoints that may be sensitive, potentially bypassing network restrictions.

Impact Analysis

Successful exploitation of this SSRF vulnerability could lead to interaction with sensitive internal endpoints, which may expose or alter data.

The impact on data confidentiality and integrity is considered low, and there is no impact on the availability of the application.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24316. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart