CVE-2026-27690
CRITICAL
9.1
CVSS 3.1
Description
Due to an HTTP Request Smuggling vulnerability in SAP Approuter, an unauthenticated attacker could send a specially crafted HTTP request that leads to request-response desynchronization. This could result in the exposure of user responses and cause the system to become unavailable. This leads to a high impact on confidentiality and availability.
Metadata
Severity & Metrics
9.1
CRITICAL CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| SAP_SE | SAP Approuter | — | SAP Approuter node.js package < 20.10.0 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-444 | cna | CWE-444: Inconsistent Interpretation of HTTP Requests |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 9.1 | CRITICAL | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |