CVE-2026-34257
Open Redirect Vulnerability in SAP NetWeaver ABAP Server
Publication date: 2026-04-14
Last updated on: 2026-04-14
Assigner: SAP SE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | netweaver_application_server_abap | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This Open Redirect vulnerability in SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to redirect users to attacker-controlled pages, which may lead to phishing or social engineering attacks.
While the vulnerability has low impact on confidentiality and integrity and no impact on availability, it could indirectly affect compliance with standards like GDPR or HIPAA by increasing the risk of unauthorized data exposure or user deception.
However, the provided information does not explicitly state the direct impact on compliance with these regulations.
Can you explain this vulnerability to me?
This vulnerability is an Open Redirect issue in SAP NetWeaver Application Server ABAP. It allows an unauthenticated attacker to create a malicious URL that, when clicked by a victim, redirects them to a website controlled by the attacker.
How can this vulnerability impact me? :
The impact of this vulnerability is low on the confidentiality and integrity of the application, and it does not affect availability. However, it can be used to redirect users to malicious sites, potentially leading to phishing or other social engineering attacks.