ByteOS Network

CVE Vulnerability Details :

CVE-2026-34258

PUBLISHED

More Info Official Page

Assigner-sap

Assigner Org ID-e4686d1a-f260-4930-ac4c-2f5c992778dd

Published At-12 May, 2026 | 02:19

Updated At-12 May, 2026 | 13:10

▼CVE Numbering Authority (CNA)

Content Spoofing vulnerability in SAPUI5 (Search UI)

SAPUI5 (Search UI) allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low impact on confidentiality with no effect on the integrity and availability of the application.

Affected Products

Vendor

SAP SE

Product

SAPUI5 (Search UI)

Default Status

unaffected

Versions

Affected

SAPUI5 1.108
1.120
1.136
1.142
1.71
1.84
1.96

Problem Types

Type	CWE ID	Description
CWE	CWE-451	CWE-451: User Interface Misrepresentation of Critical Information

Type: CWE

CWE ID: CWE-451

Description: CWE-451: User Interface Misrepresentation of Critical Information

Metrics

Version	Base score	Base severity	Vector
3.1	4.7	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

Version: 3.1

Base score: 4.7

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

References

Hyperlink	Resource
https://me.sap.com/notes/3726583	N/A
https://url.sap/sapsecuritypatchday	N/A

Hyperlink: https://me.sap.com/notes/3726583

Resource: N/A

Hyperlink: https://url.sap/sapsecuritypatchday

Resource: N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References