CRLF Injection in SAP NetWeaver Application Server Java
CVE-2026-23686 Published on February 10, 2026
CRLF Injection vulnerability in SAP NetWeaver Application Server Java
Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated configuration, allowing manipulation of application-controlled settings. Successful exploitation leads to a low impact on integrity, while confidentiality and availability remain unaffected.
Vulnerability Analysis
CVE-2026-23686 is exploitable with network access, requires user interaction and user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Weakness Type
What is a HTTP Response Splitting Vulnerability?
The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.
CVE-2026-23686 has been classified to as a HTTP Response Splitting vulnerability or weakness.
Products Associated with CVE-2026-23686
Want to know whenever a new CVE is published for SAP Netweaver Application Server Java? stack.watch will email you.
Affected Versions
SAP_SE SAP NetWeaver Application Server Java Version LMNWABASICAPPS 7.50 is affected by CVE-2026-23686Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.