CVE-2026-34258

Summary

SAPUI5 (Search UI) allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low impact on confidentiality with no effect on the integrity and availability of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAPUI5 (Search UI)SAPUI5 1.108affected
SAP_SESAPUI5 (Search UI)1.120affected
SAP_SESAPUI5 (Search UI)1.136affected
SAP_SESAPUI5 (Search UI)1.142affected
SAP_SESAPUI5 (Search UI)1.71affected
SAP_SESAPUI5 (Search UI)1.84affected
SAP_SESAPUI5 (Search UI)1.96affected

Weaknesses

  • CWE-451: CWE-451: User Interface Misrepresentation of Critical Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References