Description
SAP Approuter does not properly validate incoming request headers during the OAuth2 login flow under certain configurations. This allows an unauthenticated remote attacker to craft a malicious link which, when clicked by a victim, could lead to unauthorized access. Successful exploitation results in a high impact to the confidentiality and integrity with no impact on the availability of the application.
Published: 2026-07-14
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The open redirect flaw resides in the SAP Approuter's handling of request headers during the OAuth2 login flow. Because incoming headers are not validated correctly, an attacker can create a malicious link that redirects victims to arbitrary URLs. This flaw can be used to facilitate phishing, credential phishing, or unauthorized application access, causing significant breaches of confidentiality and integrity while leaving availability unaffected.

Affected Systems

The vulnerability affects SAP Approuter applications that are deployed with the current OAuth2 configuration. No specific version information is provided, so all releases under the described configurations are potentially impacted.

Risk and Exploitability

The vulnerability has a CVSS score of 8.1, indicating high severity. While the EPSS score is unavailable, the lack of authentication requirement and the ease of crafting a redirect URL make exploitation likely in environments where users interact with external links. The flaw is not listed in the CISA KEV catalog, but its potential for phishing and credential theft poses a serious risk.

Generated by OpenCVE AI on July 14, 2026 at 12:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the security patch from SAP note 3741519 to update the SAP Approuter to a version that validates request headers during the OAuth2 flow.
  • If the patch cannot be applied immediately, restrict the OAuth2 redirect URIs to a whitelist of trusted domains in the Approuter configuration to prevent arbitrary redirects.
  • Monitor authentication traffic for unexpected redirect patterns and investigate any suspicious outbound redirects that may indicate exploitation.

Generated by OpenCVE AI on July 14, 2026 at 12:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Jul 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 14 Jul 2026 01:00:00 +0000

Type Values Removed Values Added
Description SAP Approuter does not properly validate incoming request headers during the OAuth2 login flow under certain configurations. This allows an unauthenticated remote attacker to craft a malicious link which, when clicked by a victim, could lead to unauthorized access. Successful exploitation results in a high impact to the confidentiality and integrity with no impact on the availability of the application.
Title Open Redirect vulnerability in SAP Approuter
Weaknesses CWE-601
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: sap

Published:

Updated: 2026-07-14T12:39:36.122Z

Reserved: 2026-05-07T18:16:34.195Z

Link: CVE-2026-44745

cve-icon Vulnrichment

Updated: 2026-07-14T12:39:32.427Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-14T13:00:04Z

Weaknesses
  • CWE-601

    URL Redirection to Untrusted Site ('Open Redirect')