Cyber Resilience

CVE-2026-23687


Published: 10 February 2026

Modified: 09 June 2026
CVSS v3.1 score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0046 (36.7th percentile)
Risk priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-23687 is a high-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability in SAP's SAP_BASIS component. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 36.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SC-13 (Cryptographic Protection).

Deeper analysis

CVE-2026-23687 is a high-severity vulnerability (CVSS 8.8, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) affecting SAP NetWeaver Application Server ABAP and ABAP Platform, classified under CWE-347 (Improper Verification of Cryptographic Signature). Published on 2026-02-10, it enables an authenticated attacker with normal privileges to obtain a valid signed message and then send modified signed XML documents to the verifier. This flaw can lead to the acceptance of tampered identity information.

An attacker requires low privileges and network access to exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows the acceptance of falsified identity data, resulting in unauthorized access to sensitive user information and potential disruption of normal system operations through high impacts on confidentiality, integrity, and availability.

SAP has addressed this issue through security note 3697567, available at https://me.sap.com/notes/3697567, as part of their SAP Security Patch Day documented at https://url.sap/sapsecuritypatchday. Security practitioners should review these advisories for patch deployment and mitigation guidance.


Vulnerability details

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data and potential disruption of normal system usage.


Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1606 Forge Web Credentials (Credential Access): Adversaries may forge credential materials that can be used to gain access to web applications or Internet services.

Why these techniques?

The CVE enables remote exploitation of SAP via a signature bypass on identity-bearing XML, which maps directly to exploitation of a public-facing application and to forging of signed credentials/tokens.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-0066 (same product: SAP SAP_BASIS)
CVE-2025-0063 (same product: SAP SAP_BASIS)
CVE-2025-23193 (same product: SAP SAP_BASIS)
CVE-2026-0508 (same vendor: SAP)
CVE-2026-24322 (same vendor: SAP)
CVE-2026-27962 (shared CWE-347)
CVE-2026-22818 (shared CWE-347)
CVE-2026-34240 (shared CWE-347)
CVE-2026-22817 (shared CWE-347)
CVE-2026-0506 (same vendor: SAP)

Affected Assets

Vendor: SAP
Product: SAP_BASIS
Versions: 700, 701, 702, 731, 740

Mitigating Controls (NIST 800-53 r5)

Prevent, detect: Mandates cryptographic mechanisms to prevent unauthorized modification of information and detect such changes, directly addressing improper verification of cryptographic signatures in XML documents.

Prevent, detect: Requires integrity verification of information using cryptographic methods such as signatures to detect unauthorized changes, mitigating acceptance of tampered signed XML messages.

Prevent: Enforces digital signing and verification of information prior to use, preventing exploitation of flaws in cryptographic signature verification for XML documents.
