CVE-2026-40128
CRITICAL
CVSS 9.0
other
The flaw
SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Proces
What to do
Review advisory and patch per vendor guidance.
References
In the news
- Warning: SAP Addresses Critical Vulnerabilities Affecting Multiple SAP products, Patch Immediately! · Centre for Cybersecurity Belgium · 2026-06-09
- SAP Security Patch Day – Critical Vulnerabilities in SAP NetWeaver Patched · CyberSecurityNews · 2026-06-09
- Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities · The Hacker News · 2026-06-10