CVE-2026-27682

🗓️ 12 May 2026 02:19:26Reported by sapType

Unauthenticated reflected XSS in SAP NetWeaver ABAP enables script execution from a crafted URL.

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2026-27682	12 May 202602:19	–	attackerkb
Circl	CVE-2026-27682	12 May 202614:20	–	circl
CNNVD	SAP NetWeaver Application Server ABAP 跨站脚本漏洞	12 May 202600:00	–	cnnvd
Cvelist	CVE-2026-27682 Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages)	12 May 202602:19	–	cvelist
EUVD	EUVD-2026-29370	12 May 202603:31	–	euvd
NCSC	Vulnerabilities found in various SAP products	12 May 202612:21	–	ncsc
NVD	CVE-2026-27682	12 May 202603:16	–	nvd
Positive Technologies	PT-2026-39918	12 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-27682	5 Jun 202619:33	–	redhatcve
Tenable Nessus	SAP NetWeaver AS ABAP Reflected XSS (3728690)	15 May 202600:00	–	nessus

NVD

Vulners

Node

sap netweaver_application_server_abapMatch700sap_basis

sap netweaver_application_server_abapMatch701sap_basis

sap netweaver_application_server_abapMatch702sap_basis

sap netweaver_application_server_abapMatch731sap_basis

sap netweaver_application_server_abapMatch740sap_basis

sap netweaver_application_server_abapMatch750sap_basis

sap netweaver_application_server_abapMatch751sap_basis

sap netweaver_application_server_abapMatch752sap_basis

sap netweaver_application_server_abapMatch753sap_basis

sap netweaver_application_server_abapMatch754sap_basis

sap netweaver_application_server_abapMatch755sap_basis

sap netweaver_application_server_abapMatch756sap_basis

sap netweaver_application_server_abapMatch757sap_basis

sap netweaver_application_server_abapMatch758sap_basis

sap netweaver_application_server_abapMatch816sap_basis

sap netweaver_application_server_abapMatch918sap_basis

[
  {
    "vendor": "SAP_SE",
    "product": "SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages)",
    "versions": [
      {
        "status": "affected",
        "version": "SAP_BASIS 700"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 701"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 702"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 731"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 740"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 750"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 751"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 752"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 753"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 754"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 755"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 756"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 757"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 758"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 816"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 918"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
url	www.url.sap/sapsecuritypatchday
me	www.me.sap.com/notes/3728690

17 Jun 2026 10:27Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.14.7 - 6.1

EPSS0.00223

SSVC

CWE-79