SAP Gateway Error Message Injection Exposes URI Parsing Logic
CVE-2026-44749 Published on May 26, 2026
Information Disclosure vulnerability in SAP Gateway
SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts (e.g., regex patterns) and revealing underlying URI parsing logic. This has a low impact on confidentiality. Integrity and availability are unaffected.
Vulnerability Analysis
CVE-2026-44749 can be exploited with network access and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
Exposure of Sensitive System Information to an Unauthorized Control Sphere
The application does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the application does.
Products Associated with CVE-2026-44749
Affected Versions
SAP_SE SAP Gateway:
- Version SAP_GWFND 750 is affected.
- Version 751 is affected.
- Version 752 is affected.
- Version 753 is affected.
- Version 754 is affected.
- Version 755 is affected.
- Version 756 is affected.
- Version 757 is affected.
- Version 758 is affected.
- Version SAP_BASIS 795 is affected.