{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T19:19:49.496","vulnerabilities":[{"cve":{"id":"CVE-2026-23686","sourceIdentifier":"cna@sap.com","published":"2026-02-10T04:16:03.013","lastModified":"2026-02-17T16:03:09.107","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated configuration, allowing manipulation of application-controlled settings. Successful exploitation leads to a low impact on integrity, while confidentiality and availability remain unaffected."},{"lang":"es","value":"Debido a una vulnerabilidad de inyección CRLF en SAP NetWeaver Servidor de Aplicaciones Java, un atacante autenticado con acceso administrativo podría enviar contenido especialmente diseñado a la aplicación. Si es procesado por la aplicación, este contenido permite la inyección de entradas no confiables en la configuración generada, lo que permite la manipulación de configuraciones controladas por la aplicación. La explotación exitosa conlleva a un bajo impacto en la integridad, mientras que la confidencialidad y la disponibilidad no se ven afectadas."}],"metrics":{"cvssMetricV31":[{"source":"cna@sap.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N","baseScore":3.4,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N","baseScore":3.4,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":1.4}]},"weaknesses":[{"source":"cna@sap.com","type":"Primary","description":[{"lang":"en","value":"CWE-113"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-436"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:*","matchCriteriaId":"9C506445-3787-4BFF-A98B-7502A0F7CF80"}]}]}],"references":[{"url":"https://me.sap.com/notes/3673213","source":"cna@sap.com","tags":["Permissions Required"]},{"url":"https://url.sap/sapsecuritypatchday","source":"cna@sap.com","tags":["Vendor Advisory"]}]}}]}