CVE-2026-0508

CVE Database · CVE-2026-0508

CVE-2026-0508

· HIGHAnalyzed

CVSS v3.1

7.3

EPSS

0.28%

Published

Feb 10, 2026

Modified

Feb 17, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert malicious URL within the application. Upon successful exploitation, the victim may click on this malicious URL, resulting in an unvalidated redirect to the attacker-controlled domain and subsequently download the malicious content. This vulnerability has a high impact on the confidentiality and integrity of the application, with no effect on the availability of the application.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

Weaknesses (CWE)

CWE-601

Affected Products (3)

sap · businessobjects_business_intelligence_platformvulnerable

References (2)

https://me.sap.com/notes/3674246

Permissions Required

https://url.sap/sapsecuritypatchday

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs