CVE-2026-34258
Content Spoofing vulnerability in SAPUI5 (Search UI)
CVSS Score
4.7
EPSS Score
0.0%
EPSS Percentile
0th
SAPUI5 (Search UI) allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low impact on confidentiality with no effect on the integrity and availability of the application.
| Vendor | sap_se |
| Product | sapui5 (search ui) |
| Published | May 12, 2026 |
| Last Updated | May 12, 2026 |
Stay Ahead of the Next One
Get instant alerts for sap_se sapui5 (search ui)
Be the first to know when new medium vulnerabilities affecting sap_se sapui5 (search ui) are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None
Affected Versions
SAP_SE / SAPUI5 (Search UI)
SAPUI5 1.108 1.120 1.136 1.142 1.71 1.84 1.96