Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3875 articles · 175980 vulns · 37/41 feeds (7d)
← Back to list
9.1
CVE-2026-27690
sap · sap approuter

HTTP Request Smuggling in SAP Approuter

Description

HTTP Request Smuggling vulnerability in SAP Approuter allows unauthenticated attackers to exploit this flaw via specially crafted HTTP requests to access user responses and trigger denial-of-service attacks on the targeted system.

Affected Products

VendorProductVersions
sapsap approuterSAP Approuter node.js package < 20.10.0

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
sapsap softwarecert_advisory90%

References

  • https://me.sap.com/notes/3720138
  • https://url.sap/sapsecuritypatchday

Related News (5 articles)

Tier D
BleepingComputer11h ago
SAP warns of critical flaws in NetWeaver and Commerce Cloud
→ No new info (linked only)
Tier D
SecurityWeek12h ago
SAP Patches Critical Vulnerabilities in NetWeaver, Approuter, Commerce Cloud
→ No new info (linked only)
Tier B
BSI Advisories12h ago
[NEU] [hoch] SAP Patch Day Juli 2026
→ No new info (linked only)
Tier D
Heise Security14h ago
SAP-Patchday: Teils kritische Sicherheitslücken in mehreren Produkten gefixt
→ No new info (linked only)
Tier C
VulDB21h ago
CVE-2026-27690 | SAP Approuter HTTP request smuggling
→ No new info (linked only)
CVSS 3.19.1 CRITICAL
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CISA KEV❌ No
Actively exploited❌ No
CWECWE-444
PublishedJul 14, 2026
Last enriched11h agov2
Trending Score50
Source articles5
Independent5
Info Completeness8/14
Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

CRITICALCVE-2026-44747EXP
Memory Corruption vulnerability in SAP NetWeaver Application Server ABAP
Trending: 74
CRITICALCVE-2026-44761EXP
Insecure Sample Credentials in SAP Commerce Cloud
Trending: 61
CRITICALCVE-2026-44745EXP
Open Redirect vulnerability in SAP Approuter
Trending: 61
HIGHCVE-2026-44752EXP
Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java(Configuration Wizard)
Trending: 58
CRITICALCVE-2026-40128
Directory Traversal vulnerability in SAP NetWeaver Application Server Java (Web Container)
Trending: 58

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 14, 2026
Discovered by ZDM
Jul 14, 2026
Updated: description
Jul 14, 2026

Version History

v2
Last enriched 11h ago
v2Tier D11h ago

Updated description with more technical detail and marked the vulnerability as actively exploited with an exploit available.

description
via BleepingComputer
v121h ago

Initial creation