cvedb.io
CVE-2026-40135
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2026-05-12T03:16:12.430 · Last modified 2026-06-17T10:44:46.023

Summary

An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of unintended OS commands without detection, potentially impacting the integrity and availability of the application, with no impact on confidentiality.

Affected products

sap — netweaver_application_server_abap

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.