LeakyCreds
NewInstant webhook alerts now available — notified within seconds of any credential detection.Learn more →
Home / Vulnerability Intelligence / CVE-2026-27685

CVE-2026-27685 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: March 11, 2026

SAP NetWeaver Enterprise Portal Administration - Insecure Deserialization

Published: March 10, 2026Updated: March 11, 2026Remote Exploitable

Overview

SAP NetWeaver Enterprise Portal Administration contains an insecure deserialization vulnerability caused by processing untrusted or malicious content uploaded by privileged users, letting attackers compromise confidentiality, integrity, and availability, exploit requires privileged user upload.

Severity & Score

Severity: Critical
CVSS Score: 9.1
EPSS Score: 4.4%(Probability of exploitation in next 30 days)

Impact

Attackers can compromise confidentiality, integrity, and availability of the host system.

Mitigation

Update to the latest available version with deserialization fixes.

References

Social Media Activity(1 post)

Offensive Sequence
Offensive Sequence
@offseq
Mar 10, 2026

🚨 CRITICAL: CVE-2026-27685 in SAP NetWeaver EP-RUNTIME 7.50 (Admin) enables privileged users to upload malicious serialized data — risking full system compromise. Restrict uploads, monitor privileged actions, patch ASAP! https://radar.offseq.com/threat/cve-2026-27685-cwe-502-deserialization-of-untruste-36704129 #OffSeq #SAP #CVE #InfoSec

View original post

Related Resources

Details

CVE ID
CVE-2026-27685
Severity
Critical
CVSS Score
9.1
Type
insecure_deserialization
Status
unconfirmed
EPSS
4.4%
Social Posts
1

CWE

  • CWE-502

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Score

4.4%Probability of exploitation in the next 30 days