CVE-2026-24320

Summary

Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may result in memory corruption and the potential leakage of memory content. Successful exploitation of this vulnerability would have a low impact on the confidentiality of the application, with no effect on its integrity or availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaver and ABAP Platform (Application Server ABAP)KRNL64NUC 7.22affected
SAP_SESAP NetWeaver and ABAP Platform (Application Server ABAP)7.22EXTaffected
SAP_SESAP NetWeaver and ABAP Platform (Application Server ABAP)KRNL64UC 7.22affected
SAP_SESAP NetWeaver and ABAP Platform (Application Server ABAP)7.53affected
SAP_SESAP NetWeaver and ABAP Platform (Application Server ABAP)8.04affected
SAP_SESAP NetWeaver and ABAP Platform (Application Server ABAP)KERNEL 7.22affected
SAP_SESAP NetWeaver and ABAP Platform (Application Server ABAP)7.54affected
SAP_SESAP NetWeaver and ABAP Platform (Application Server ABAP)7.77affected
SAP_SESAP NetWeaver and ABAP Platform (Application Server ABAP)7.89affected
SAP_SESAP NetWeaver and ABAP Platform (Application Server ABAP)7.93affected
SAP_SESAP NetWeaver and ABAP Platform (Application Server ABAP)9.16affected
SAP_SESAP NetWeaver and ABAP Platform (Application Server ABAP)9.17affected
SAP_SESAP NetWeaver and ABAP Platform (Application Server ABAP)9.18affected

Weaknesses

  • CWE-113: CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References