CVE-2026-24320 - Vulnerability Details - OpenCVE

Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may result in memory corruption and the potential leakage of memory content. Successful exploitation of this vulnerability would have a low impact on the confidentiality of the application, with no effect on its integrity or availability.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://me.sap.com/notes/3678313
https://url.sap/sapsecuritypatchday

History

Tue, 10 Feb 2026 03:45:00 +0000

Type	Values Removed	Values Added
Description		Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may result in memory corruption and the potential leakage of memory content. Successful exploitation of this vulnerability would have a low impact on the confidentiality of the application, with no effect on its integrity or availability.
Title		Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)
Weaknesses		CWE-113
References		https://me.sap.com/notes/3678313 https://url.sap/sapsecuritypatchday
Metrics		cvssV3_1 `{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: sap

Published: 2026-02-10T03:03:42.731Z

Updated: 2026-02-10T03:03:42.731Z

Reserved: 2026-01-21T22:15:36.672Z

Link: CVE-2026-24320

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-02-10T04:16:03.990

Modified: 2026-02-10T04:16:03.990

Link: CVE-2026-24320

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24320", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2026-01-21T22:15:36.672Z", "datePublished": "2026-02-10T03:03:42.731Z", "dateUpdated": "2026-02-10T03:03:42.731Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP NetWeaver and ABAP Platform (Application Server ABAP)", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "KRNL64NUC 7.22"}, {"status": "affected", "version": "7.22EXT"}, {"status": "affected", "version": "KRNL64UC 7.22"}, {"status": "affected", "version": "7.53"}, {"status": "affected", "version": "8.04"}, {"status": "affected", "version": "KERNEL 7.22"}, {"status": "affected", "version": "7.54"}, {"status": "affected", "version": "7.77"}, {"status": "affected", "version": "7.89"}, {"status": "affected", "version": "7.93"}, {"status": "affected", "version": "9.16"}, {"status": "affected", "version": "9.17"}, {"status": "affected", "version": "9.18"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may result in memory corruption and the potential leakage of memory content. Successful exploitation of this vulnerability would have a low impact on the confidentiality of the application, with no effect on its integrity or availability.</p>"}], "value": "Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may result in memory corruption and the potential leakage of memory content. Successful exploitation of this vulnerability would have a low impact on the confidentiality of the application, with no effect on its integrity or availability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-113", "description": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-02-10T03:03:42.731Z"}, "references": [{"url": "https://me.sap.com/notes/3678313"}, {"url": "https://url.sap/sapsecuritypatchday"}], "source": {"discovery": "UNKNOWN"}, "title": "Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)", "x_generator": {"engine": "Vulnogram 0.5.0"}}}}