CVE-2026-34258
Status: Received - Intake
SAPUI5 Search UI URL Parameter Manipulation

Publication date: 2026-05-12

Last updated on: 2026-05-12

Assigner: SAP SE

Description
SAPUI5 (Search UI) allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low impact on confidentiality with no effect on the integrity and availability of the application.

Meta Information
Published: 2026-05-12
Last Modified: 2026-05-12
Generated: 2026-06-21
AI Q&A: 2026-05-12
EPSS Evaluated: 2026-06-20
Affected Vendors & Products
Showing 1 associated CPE
Vendor: sap
Product: sapui5
Version / Range: *
CWE-451: The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.
Executive Summary

This vulnerability exists in SAPUI5 (Search UI) where an unauthenticated attacker can manipulate specific URL parameters to inject malicious content.

If successfully exploited, it may cause users to be misled into clicking links that lead to attacker-controlled pages rendered by the application.

Impact Analysis

The impact of this vulnerability is low on confidentiality and has no effect on the integrity or availability of the application.

However, it can mislead users into accessing malicious pages, potentially exposing them to phishing or other social engineering attacks.

Compliance Impact

The vulnerability in SAPUI5 allows an unauthenticated attacker to manipulate URL parameters to include malicious content, potentially misleading users to attacker-controlled pages. It has a low impact on confidentiality and no effect on integrity or availability.

Based on the provided information, there is no explicit mention of how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.
