PatchSiren cyber security CVE debrief
CVE-2026-23687 SAP_SE CVE debrief
CVE-2026-23687 is a HIGH severity vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform. An authenticated attacker with normal privileges can exploit this vulnerability to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data, and potential disruption of normal system usage.
- Vendor
- SAP_SE
- Product
- SAP NetWeaver AS ABAP and ABAP Platform
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-10
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-02-10
- Advisory updated
- 2026-06-09
Who should care
Administrators and users of SAP NetWeaver Application Server ABAP and ABAP Platform should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability has a CVSS score of 8.8 and is classified as CWE-347. It was published on 2026-02-10T04:16:03.180Z and last modified on 2026-06-09T08:16:27.170Z.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates provided by SAP to fix the vulnerability.
- Restrict access to sensitive areas of the system to only authorized personnel.
- Monitor system logs for suspicious activity.
Evidence notes
The vulnerability affects multiple versions of SAP NetWeaver Application Server ABAP and ABAP Platform.
Official resources
-
CVE-2026-23687 CVE record
CVE.org
-
CVE-2026-23687 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
[email protected] - Permissions Required
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Source reference
af854a3a-2127-422b-91ae-364da2661108
CVE-2026-23687 was published on 2026-02-10T04:16:03.180Z and last modified on 2026-06-09T08:16:27.170Z.