CVE-2026-0502

CVE Database · CVE-2026-0502

CVE-2026-0502

· MEDIUMAwaiting Analysis

CVSS v3.1

5.4

EPSS

0.12%

Published

May 12, 2026

Modified

May 12, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiality of the data.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Weaknesses (CWE)

CWE-352

References (2)

https://me.sap.com/notes/3667593

https://url.sap/sapsecuritypatchday

KEV Catalog EPSS Scores Vendors All CVEs