CVE-2026-27680

Awaiting Analysis Awaiting Analysis - Queue

BaseFortify

Publication date: 2026-05-14

Last updated on: 2026-05-15

Assigner: SAP SE

Description

Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS) data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result, the issue has a low impact on confidentiality, while integrity and availability are not impacted.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-05-14

Last Modified

2026-05-15

Generated

2026-05-20

EPSS Evaluated

2026-05-19

NVD

CVE-2026-27680

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-276	During installation, installed file permissions are set to allow anyone to modify those files.

Attack-Flow Graph

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2026-27680

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

Ask Our AI Assistant

EPSS Chart