CVE-2026-34258
Received - Intake
SAPUI5 Search UI URL Parameter Manipulation

Publication date: 2026-05-12

Last updated on: 2026-05-12

Assigner: SAP SE

Description
SAPUI5 (Search UI) allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low impact on confidentiality with no effect on the integrity and availability of the application.
Meta Information
Published: 2026-05-12
Last Modified: 2026-05-12
Generated: 2026-05-12
AI Q&A: 2026-05-12
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor: sap
Product: sapui5
Version / Range: *
CWE
CWE ID: CWE-451
Description: The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in SAPUI5 (Search UI) where an unauthenticated attacker can manipulate specific URL parameters to inject malicious content.

If successfully exploited, it may cause users to be misled into clicking links that lead to attacker-controlled pages rendered by the application.


How can this vulnerability impact me?

The impact of this vulnerability is low on confidentiality and has no effect on the integrity or availability of the application.

However, it can mislead users into accessing malicious pages, potentially exposing them to phishing or other social engineering attacks.

