CVE-2026-40128

Published: Giu 09, 2026 Last Modified: Giu 09, 2026

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,0

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: none

User Interaction: none

Scope: changed

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the included file could allow the attacker to view or modify sensitive information or render any part of the local system unavailable.

Path Traversal: '.../...//'

Incomplete

Abstraction: Variant Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity

Potential Impacts:

Read Files Or Directories Modify Files Or Directories Bypass Protection Mechanism

Applicable Platforms

All platforms may be affected

View CWE Details

https://me.sap.com/notes/3727078

https://url.sap/sapsecuritypatchday

CVE-2026-40128

Description

Path Traversal: '.../...//'

Common Consequences

Applicable Platforms

Iscriviti alla newsletter