SAP NetWeaver ABAP MemCorrupt Exploit CVE-2026-24320
CVE-2026-24320 Published on February 10, 2026
Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)
Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may result in memory corruption and the potential leakage of memory content. Successful exploitation of this vulnerability would have a low impact on the confidentiality of the application, with no effect on its integrity or availability.
Vulnerability Analysis
CVE-2026-24320 is exploitable with network access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
What is a HTTP Response Splitting Vulnerability?
The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.
CVE-2026-24320 has been classified to as a HTTP Response Splitting vulnerability or weakness.
Products Associated with CVE-2026-24320
Want to know whenever a new CVE is published for SAP NetWeaver? stack.watch will email you.
Affected Versions
SAP_SE SAP NetWeaver and ABAP Platform (Application Server ABAP):- Version KRNL64NUC 7.22 is affected.
- Version 7.22EXT is affected.
- Version KRNL64UC 7.22 is affected.
- Version 7.53 is affected.
- Version 8.04 is affected.
- Version KERNEL 7.22 is affected.
- Version 7.54 is affected.
- Version 7.77 is affected.
- Version 7.89 is affected.
- Version 7.93 is affected.
- Version 9.16 is affected.
- Version 9.17 is affected.
- Version 9.18 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.