CVE-2026-0514
Last modified
CVE-2026-0514 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. Due to a Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious link. When an unsuspecting user clicks this link, the user may be redirected to a site controlled by the attacker. EPSS estimates a 0.17% chance of exploitation in the next 30 days.
Description
Due to a Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious link. When an unsuspecting user clicks this link, the user may be redirected to a site controlled by the attacker. Successful exploitation could allow the attacker to access or modify information related to the webclient, impacting confidentiality and integrity, with no effect on availability.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sap | Business Connector | 4.8 |
References
- https://me.sap.com/notes/3666061Permissions Required
- https://url.sap/sapsecuritypatchdayVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-0514?
How severe is CVE-2026-0514?
How do I fix CVE-2026-0514?
Are you affected by CVE-2026-0514?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST