Vulnerability Report

CVE-2026-23685

Title: Sap Netweaver DoS

DoS

Proof Of Concept

No public PoC currently indexed for CVE-2026-23685.

CWE Category CWE-502

Published Date Feb 10, 2026

Modified Date Feb 17, 2026

Exploit Status Not Found

Score 4.4 CVSS v3.1

Exploit Probability (EPSS)

0.21%

Vulnerability Summary

CVE-2026-23685: Due to a Deserialization vulnerability in SAP NetWeaver (JMS service), an attacker authenticated as an administrator with local access could submit specially crafted content to the server. If processed by the application, this content could trigger unintended behavior during internal logic execution, potentially causing a denial of service. Successful exploitation results in a high impact on availability, while confidentiality and integrity remain unaffected.

Impacted Vendors

sap 1

Reference Links

https://me.sap.com/notes/3687285 https://url.sap/sapsecuritypatchday

CVSS v3.1

Source Entity [email protected]

Severity MEDIUM

4.4

Attack Vector

LOCAL

Complexity

LOW

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Associated Attack Patterns (CAPEC)

Total: Patterns