Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3838 articles · 175945 vulns · 37/41 feeds (7d)
← Back to list
8.1
CVE-2026-44745EXPLOITED
sap · sap approuter

Open Redirect vulnerability in SAP Approuter

Description

A vulnerability identified as critical has been detected in SAP Approuter. The affected element is an unknown function of the component OAuth2 Login Flow. Performing a manipulation results in improper authorization.

Affected Products

VendorProductVersions
sapsap approuterSAP Approuter node.js package < 21.2.0

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
sapsap softwarecert_advisory90%

References

  • https://me.sap.com/notes/3741519
  • https://url.sap/sapsecuritypatchday

Related News (3 articles)

Tier B
BSI Advisories11h ago
[NEU] [hoch] SAP Patch Day Juli 2026
→ No new info (linked only)
Tier D
Heise Security13h ago
SAP-Patchday: Teils kritische Sicherheitslücken in mehreren Produkten gefixt
→ No new info (linked only)
Tier C
VulDB21h ago
CVE-2026-44745 | SAP Approuter OAuth2 Login Flow improper authorization
→ No new info (linked only)
CVSS 3.18.1 CRITICAL
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CISA KEV❌ No
Actively exploited✅ Yes
CWECWE-601
PublishedJul 14, 2026
Last enriched20h agov2
Trending Score61
Source articles3
Independent3
Info Completeness8/14
Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

CRITICALCVE-2026-44747EXP
Memory Corruption vulnerability in SAP NetWeaver Application Server ABAP
Trending: 75
CRITICALCVE-2026-44761EXP
Insecure Sample Credentials in SAP Commerce Cloud
Trending: 61
HIGHCVE-2026-44752EXP
Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java(Configuration Wizard)
Trending: 59
CRITICALCVE-2026-40128
Directory Traversal vulnerability in SAP NetWeaver Application Server Java (Web Container)
Trending: 59
CRITICALCVE-2026-27690
HTTP Request Smuggling in SAP Approuter
Trending: 51

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 14, 2026
Actively Exploited
Jul 14, 2026
Discovered by ZDM
Jul 14, 2026
Updated: description, severity, activelyExploited
Jul 14, 2026

Version History

v2
Last enriched 20h ago
v2Tier C20h ago

Updated severity to CRITICAL, marked as actively exploited, and provided a new description with more technical detail.

descriptionseverityactivelyExploited
via VulDB
v120h ago

Initial creation