anonhaven
Ad

CVE-2026-27685

CRITICAL CVSS 3.1: 9.1 EPSS 0.06%
Updated Mar 10, 2026
SAP
Parameter Value
CVSS 9.1 (CRITICAL)
Type CWE-502 (Deserialization of Untrusted Data)
Vendor SAP
Public PoC No

SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged user uploads untrusted or malicious content that, upon deserialization, could result in a high impact on the confidentiality, integrity, and availability of the host system.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
High
Admin privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-502 Deserialization of Untrusted Data

References 2

https://me.sap.com/notes/3714585
cna@sap.com
https://url.sap/sapsecuritypatchday
cna@sap.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-34264

SAP

6.5

CVE-2026-34262

SAP

5.0

CVE-2026-34261

SAP

6.5

CVE-2026-34257

SAP

6.1

CVE-2026-34256

SAP

7.1