Ghostwire

CVE-2026-44745: SAP Approuter does not properly validate incoming request headers during the OAuth2 login flow under certain...

HIGH CVSS 0.0

Published: July 14, 2026 | Last Modified: July 14, 2026

Description

SAP Approuter does not properly validate incoming request headers during the OAuth2 login flow under certain configurations. This allows an unauthenticated remote attacker to craft a malicious link which, when clicked by a victim, could lead to unauthorized access. Successful exploitation results in a high impact to the confidentiality and integrity with no impact on the availability of the application.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (1 articles)

References