CVE-2026-27680
CSS Injection vulnerability in SAP NetWeaver Application Server ABAP
CVSS Score
3.1
EPSS Score
0.0%
EPSS Percentile
0th
Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS) data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result, the issue has a low impact on confidentiality, while integrity and availability are not impacted.
| Vendor | sap_se |
| Product | sap netweaver application server abap |
| Published | May 14, 2026 |
| Last Updated | May 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for sap_se sap netweaver application server abap
Be the first to know when new low vulnerabilities affecting sap_se sap netweaver application server abap are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Affected Versions
SAP_SE / SAP NetWeaver Application Server ABAP
SAP_UI 758 816