CVE-2026-34257
Analyzed Analyzed - Analysis Complete
Open Redirect Vulnerability in SAP NetWeaver ABAP Server

Publication date: 2026-04-14

Last updated on: 2026-06-03

Assigner: SAP SE

Description
Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the application with no impact on availability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-14
Last Modified
2026-06-03
Generated
2026-06-16
AI Q&A
2026-04-14
EPSS Evaluated
2026-06-15
NVD
CVE-2026-34257
EUVD
EUVD-2026-22168
Affected Vendors & Products
Showing 14 associated CPEs
Vendor Product Version / Range
sap netweaver_application_server_abap 702
sap netweaver_application_server_abap 700
sap netweaver_application_server_abap 701
sap netweaver_application_server_abap 731
sap netweaver_application_server_abap 740
sap netweaver_application_server_abap 750
sap netweaver_application_server_abap 752
sap netweaver_application_server_abap 753
sap netweaver_application_server_abap 754
sap netweaver_application_server_abap 755
sap netweaver_application_server_abap 756
sap netweaver_application_server_abap 757
sap netweaver_application_server_abap 758
sap netweaver_application_server_abap 816
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This Open Redirect vulnerability in SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to redirect users to attacker-controlled pages, which may lead to phishing or social engineering attacks.

While the vulnerability has low impact on confidentiality and integrity and no impact on availability, it could indirectly affect compliance with standards like GDPR or HIPAA by increasing the risk of unauthorized data exposure or user deception.

However, the provided information does not explicitly state the direct impact on compliance with these regulations.

Executive Summary

This vulnerability is an Open Redirect issue in SAP NetWeaver Application Server ABAP. It allows an unauthenticated attacker to create a malicious URL that, when clicked by a victim, redirects them to a website controlled by the attacker.

Impact Analysis

The impact of this vulnerability is low on the confidentiality and integrity of the application, and it does not affect availability. However, it can be used to redirect users to malicious sites, potentially leading to phishing or other social engineering attacks.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34257. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart