CVE Catalog

CVE-2026-40128

CriticalCVSS 9.0
Published: Updated: Translated: NVD NIST

Summary

SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal.

Risk Assessment

The attacker could access sensitive information or render any part of the local system unavailable, posing a serious security threat to the organization.

Recommendation

It is recommended to update the system to the latest version and implement appropriate security mechanisms against path traversal attacks.

Original NVD description (English source)

SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the included file could allow the attacker to view or modify sensitive information or render any part of the local system unavailable.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS