CVE-2026-0512
Received Received - Intake
Cross-Site Scripting in SAP SRM SICF Handler Enables Data Manipulation

Publication date: 2026-04-14

Last updated on: 2026-04-14

Assigner: SAP SE

Description
Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL, that if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow the attacker to access and modify information, impacting the confidentiality and integrity of the application, while availability remains unaffected.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-14
Last Modified
2026-04-14
Generated
2026-06-16
AI Q&A
2026-04-14
EPSS Evaluated
2026-06-15
NVD
CVE-2026-0512
EUVD
EUVD-2026-22138
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sap supplier_relationship_management *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Cross-Site Scripting (XSS) issue found in the SAP Supplier Relationship Management system, specifically in the SICF Handler within the SRM Catalog. An attacker who is not authenticated can create a malicious URL. If a victim clicks on this URL, malicious code can execute within the victim's browser.

This execution of malicious content can allow the attacker to access and modify information within the application.

Impact Analysis

The vulnerability can impact you by allowing an attacker to access and modify sensitive information within the SAP Supplier Relationship Management application. This affects the confidentiality and integrity of your data.

However, the availability of the application is not affected by this vulnerability.

Compliance Impact

This vulnerability allows an unauthenticated attacker to execute malicious content in a victim's browser, potentially leading to unauthorized access and modification of information. Such impacts on confidentiality and integrity could pose risks to compliance with standards and regulations that require protection of sensitive data, such as GDPR and HIPAA.

However, the provided information does not explicitly detail the direct effects on compliance with these standards or any specific regulatory implications.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0512. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart