Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.1
SAP NetWeaver Application Server ABAP: Malicious Redirect to Attacker-Controlled Site
CVE-2026-34257
Summary
An attacker can trick users into visiting a fake website by creating a malicious link. This could potentially lead to phishing or other attacks. SAP has likely released a patch or advisory to address this issue, so check with the vendor for updates and apply any necessary fixes.
Original title
Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the ...
Original description
Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the application with no impact on availability.
nvd CVSS3.1
6.1
Vulnerability type
CWE-601
Open Redirect
Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026