CVE-2026-44749

Summary

The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts (e.g., regex patterns) and revealing underlying URI parsing logic. Leading to low impact on confidentiality. Integrity and availability are unaffected.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP GatewaySAP_GWFND 750affected
SAP_SESAP Gateway751affected
SAP_SESAP Gateway752affected
SAP_SESAP Gateway753affected
SAP_SESAP Gateway754affected
SAP_SESAP Gateway755affected
SAP_SESAP Gateway756affected
SAP_SESAP Gateway757affected
SAP_SESAP Gateway758affected
SAP_SESAP GatewaySAP_BASIS 795affected

Weaknesses

  • CWE-497: CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References