Skip to content
Auto-CTI
Back to today
NEW CRITICAL A2

CVE-2026-44745: SAP Approuter OAuth2 Header Validation Vulnerability

A NVD · · CVE-2026-44745

Admiralty grading (A–F · 1–6)

Source reliability

  • A Completely reliable
  • B Usually reliable
  • C Fairly reliable
  • D Not usually reliable
  • E Unreliable
  • F Cannot be judged

Information credibility

  • 1 Confirmed
  • 2 Probably true
  • 3 Possibly true
  • 4 Doubtful
  • 5 Improbable
  • 6 Cannot be judged

NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.

Key metrics

CVSS
8.1
EPSS
0%

Key insight

The vulnerability enables authentication bypass through manipulated HTTP headers without requiring user interaction , organizations with cloud-based SAP deployments should prioritize reviewing their Approuter configuration.

Description

CVE-2026-44745 describes insufficient validation of HTTP request headers in the OAuth2 authentication flow of SAP Approuter under certain configurations. An attacker can craft a malicious URL that, when clicked by a victim, leads to authentication bypass and unauthorized access to the underlying application. The vulnerability has high impact on confidentiality and integrity of protected data, but not on availability. Exploitation risk is elevated for cloud-hosted or externally accessible SAP installations.

Risk score

98
cvss base
81.00
kev bonus
0.00
epss bonus
0.00
poc bonus
0.00
raw before weight
81.00
industry weight
1.21
freshness factor
1.00
exploitability factor
1.00
days old
0.00
vendor mismatch penalty
0.00

Path: operational

MITRE ATT&CK mapping

4 TTPs
Recon
Resource Dev
Execution
Persistence
Priv. Escal.
Cred. Access
Discovery
Lateral Mov.
Collection
C2
Exfiltration
Conf.: high medium low

Procedure details

Technique Tactic Procedure Conf. Source
T1190
Exploit Public-Facing Application
Initial Access An unauthenticated remote attacker exploits improper validation of incoming request headers in SAP Approuter during the OAuth2 login flow to gain unauthorized access. high llm
T1566.002
Spearphishing Link
Initial Access The attacker crafts a malicious link which, when clicked by a victim, triggers the CVE-2026-44745 vulnerability in SAP Approuter's OAuth2 login flow to achieve unauthorized access. high llm
T1550.001
Application Access Token
Defense Evasion Exploitation of the improper header validation in the OAuth2 login flow allows the attacker to manipulate or hijack OAuth2 tokens, leading to unauthorized access to the application. medium llm
T1565
Data Manipulation
Impact Successful exploitation results in high impact to integrity of the SAP Approuter application, allowing the attacker to manipulate application data or behavior. medium llm
ESC