CVE-2026-24328: CWE-601: URL Redirection to Untrusted Site in SAP_SE Business Server Pages Application (TAF_APPLAUNCHER)
CVE-2026-24328 is a medium-severity vulnerability in the SAP Business Server Pages Application (TAF_APPLAUNCHER) that allows unauthenticated attackers to craft malicious URLs causing victims to be redirected to attacker-controlled sites. This URL redirection flaw (CWE-601) requires user interaction (clicking the link) and can lead to limited confidentiality and integrity impacts by exposing or altering sensitive information in the victim's browser context. There is no impact on application availability. The vulnerability affects specific versions of SAP ST-PI components and has a CVSS score of 6.1. No known exploits are currently reported in the wild. European organizations using affected SAP versions should prioritize patching and implement strict URL validation and user awareness to mitigate risks. Countries with significant SAP enterprise deployments and critical infrastructure relying on SAP are most likely to be impacted.
AI Analysis
Technical Summary
CVE-2026-24328 is a vulnerability identified in the SAP Business Server Pages Application component known as TAF_APPLAUNCHER, specifically affecting versions ST-PI 2008_1_700, 2008_1_710, 740, and 758. The flaw is categorized under CWE-601, which involves URL redirection to untrusted sites. An unauthenticated attacker can craft malicious URLs that, when clicked by a victim, cause the victim's browser to be redirected to attacker-controlled domains. This redirection can potentially expose or alter sensitive information within the victim's browser session, such as session tokens or confidential data, through phishing or other social engineering techniques. The vulnerability does not require authentication but does require user interaction (clicking the malicious link). The CVSS v3.1 score of 6.1 reflects medium severity: network attack vector, low attack complexity, no privileges required, user interaction required, and a scope change. The impact on confidentiality and integrity is low, and there is no impact on availability. No patches or exploits are currently publicly available, but the vulnerability is published and should be addressed proactively. The vulnerability highlights the importance of proper input validation and URL sanitization in web applications to prevent open redirect issues that can facilitate phishing and session hijacking attacks.
Potential Impact
For European organizations, this vulnerability poses a moderate risk primarily through social engineering and phishing attacks that leverage the open redirect to attacker-controlled sites. Confidentiality could be compromised if sensitive session information or credentials are exposed during redirection. Integrity risks arise if attackers manipulate the victim's browser context or inject malicious content via the redirection. Although availability is unaffected, the reputational damage and potential data leakage could have significant consequences, especially for enterprises handling sensitive personal data under GDPR. Organizations relying heavily on SAP Business Server Pages for critical business processes may face increased risk of targeted phishing campaigns exploiting this vulnerability. The lack of authentication requirement and ease of exploitation via crafted URLs increase the attack surface. However, the necessity of user interaction limits automated exploitation. Overall, the impact is medium but could escalate if combined with other attack vectors or social engineering tactics.
Mitigation Recommendations
European organizations should immediately verify if they are running affected versions of SAP ST-PI components (2008_1_700, 2008_1_710, 740, 758) and prioritize upgrading to patched versions once available. In the interim, implement strict URL validation and sanitization controls within SAP Business Server Pages to prevent open redirects. Deploy web application firewalls (WAFs) with rules to detect and block suspicious redirect patterns. Conduct targeted user awareness training focusing on phishing risks associated with suspicious links, emphasizing verification of URLs before clicking. Monitor logs for unusual redirect activity and implement browser security policies such as Content Security Policy (CSP) to restrict navigation to trusted domains. Consider disabling or restricting the use of the TAF_APPLAUNCHER component if not essential. Collaborate with SAP support for any vendor-specific mitigations or patches. Regularly review and update incident response plans to include scenarios involving open redirect exploitation.
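One way to implement the strict redirect-target validation recommended above, as an added example that is not code from SAP or from the TAF_APPLAUNCHER component: an allowlist check that accepts only same-origin paths or http(s) URLs on known hosts and refuses the usual open-redirect bypass shapes. The host names, the fallback path and the existence of a single "target" parameter are assumptions.

```python
"""Allowlist validation of a redirect target, the CWE-601 mitigation named above.

Constructed example: the host names, the fallback path and the parameter name
are assumptions, not values taken from the SAP TAF_APPLAUNCHER component.
"""
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

ALLOWED_HOSTS = frozenset({"portal.corp.example", "fiori.corp.example"})  # assumed
DEFAULT_TARGET = "/launchpad"  # assumed safe landing page on this origin


def safe_redirect_target(target: str, allowed_hosts=ALLOWED_HOSTS) -> Optional[str]:
    """Return the target if it is safe to redirect to, otherwise None.

    Accepted: an absolute path on this origin, or an http(s) URL whose host is
    on the allowlist. Rejected: other schemes (javascript:, data:), protocol-
    relative "//host", "https:host" without a netloc, backslashes (browsers
    read "/\\host" as "//host"), userinfo ("host@other"), control characters.
    """
    if not target or any(ord(c) <= 0x20 for c in target):
        return None  # empty, whitespace or C0 control characters
    if "\\" in target:
        return None  # never let a backslash reach the browser's URL parser
    try:
        parts = urlsplit(target)
    except ValueError:
        return None
    if parts.scheme == "" and parts.netloc == "":
        # Relative reference: only a single-slash absolute path stays on-origin.
        return target if target.startswith("/") and not target.startswith("//") else None
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    if parts.username is not None or parts.password is not None:
        return None
    host = parts.hostname  # already lower-cased, userinfo and port stripped
    if host is None or host not in allowed_hosts:
        return None
    return urlunsplit(parts)


def resolve_launch_target(requested: str) -> str:
    """Destination for a hypothetical 'target' parameter: safe value or fallback."""
    return safe_redirect_target(requested) or DEFAULT_TARGET
```

Logging the rejected values alongside the requesting client gives the redirect-activity monitoring mentioned above something concrete to alert on.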
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: sap
- Date Reserved: 2026-01-21T22:15:36.673Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 698aaa0c4b57a58fa1c64d74
Added to database: 2/10/2026, 3:46:20 AM
Last enriched: 2/17/2026, 9:47:56 AM
Last updated: 2/21/2026, 12:20:13 AM