CVE-2026-27680
âšī¸ lowSummary
Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS) data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result, the issue has a low impact on confidentiality, while integrity and availability are not impacted.
CVSS Score
3.1
Low
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-14
First Seen: 2026-05-17
đ Relative Risk Intelligence
This CVE is Lower Risk - more severe than 2.1% of all 325,680 vulnerabilities in our database.
#318,853
Below average severity
Severity Percentile
đ¯ CISA SSVC Assessment Updated: May 14, 2026
đ Exploitation Status
None
No known exploits
âī¸ Automatable
NO
Requires human interaction
đĨ Technical Impact
Partial
Limited system impact
SSVC data provided by
CISA
Last Modified
2026-06-03
Source
NVD đ
CVSS Vector 3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
CWE IDs (Weakness Types)