CVE-2026-27690: HTTP Request Smuggling Vulnerability in SAP Approuter
A NVD · · CVE-2026-27690
Admiralty grading (A–F · 1–6)
Source reliability
- A Completely reliable
- B Usually reliable
- C Fairly reliable
- D Not usually reliable
- E Unreliable
- F Cannot be judged
Information credibility
- 1 Confirmed
- 2 Probably true
- 3 Possibly true
- 4 Doubtful
- 5 Improbable
- 6 Cannot be judged
NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.
Key metrics
- CVSS
- 9.1
- EPSS
- 0%
Key insight
The vulnerability allows unauthenticated attackers to expose user responses and cause system unavailability through crafted HTTP requests , a critical risk for SAP-based ERP infrastructure.
Description
CVE-2026-27690 is an HTTP Request Smuggling vulnerability in SAP Approuter that allows unauthenticated attackers to send specially crafted HTTP requests causing request-response desynchronization. This leads to exposure of user responses and potential system unavailability, affecting both confidentiality and availability. Approuter is a central component in SAP Cloud environments and can provide access to multiple backend systems, making exploitation of this flaw potentially far-reaching.
Risk score
- cvss base
- 91.00
- kev bonus
- 0.00
- epss bonus
- 0.00
- poc bonus
- 0.00
- raw before weight
- 91.00
- industry weight
- 1.21
- freshness factor
- 1.00
- exploitability factor
- 1.00
- days old
- 0.00
- vendor mismatch penalty
- 0.00
Path: operational
MITRE ATT&CK mapping
3 TTPsProcedure details
| Technique | Tactic | Procedure | Conf. | Source |
|---|---|---|---|---|
| T1190 Exploit Public-Facing Application | Initial Access | An unauthenticated attacker exploits the HTTP Request Smuggling vulnerability (CVE-2026-27690) in SAP Approuter by sending a specially crafted HTTP request to cause request-response desynchronization | high | llm |
| T1565.002 Transmitted Data Manipulation | Impact | The HTTP Request Smuggling vulnerability causes request-response desynchronization, leading to exposure of other users' responses through manipulation of transmitted data between client and server | high | llm |
| T1499 Endpoint Denial of Service | Impact | Exploitation of the HTTP Request Smuggling vulnerability in SAP Approuter causes the system to become unavailable, resulting in high impact on availability | high | llm |