Inconsistent interpretation of HTTP requests in sap/approuter - CVE-2026-27690
Published: July 14, 2026
sap/approuter
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service and disclose sensitive information.
The vulnerability exists due to improper parsing of ambiguous HTTP requests in SAP Approuter when handling HTTP requests. A remote attacker can send specially crafted HTTP requests to cause a denial of service and disclose sensitive information.