CRITICALVulnerability
Verified
Global

NVD CRITICAL: CVE-2026-40128 — SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated ...

·Source: NIST NVD

Updated:

Executive Summary

SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the included file could allow the attacker to view or modify sensitive information or render any part of the local system unavailable.

Analysis

SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the included file could allow the attacker to view or modify sensitive information or render any part of the local system unavailable. CVSS Score: 9. Published: 2026-06-09T01:16:46.050.

Indicators of Compromise (1)

CVE (1)
CVE-2026-40128
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on Jun 9, 2026. Verified by: NIST.

Related Threats

LOWVulnerability

Labcorp reaches $35M settlement over American Medical Collection Agency breach

Do you remember the horrific American Medical Collection Agency (Retrieval-Masters Creditors Bureau Inc.) breach in 2019? You can refresh your memory by scrolling through the Related posts below this one, but TL;DR: LabCorp was one of AMCA’s clients that was affected by the breach, and in July 2019, they notified HHS that 10,251,784 patients had... Source

DataBreaches.net
LOWVulnerability

German Court: Google Liable for AI Summaries

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/german-court-google-liable-for-ai-summaries-image_small-10-a-31955.jpg" align=right hspace=4><b>Court Says Google Is Responsible for Content Generated by Its Machines</b><br>A German court dealt a blow to Google AI-infused search by deciding that the Big Tech firm is liable for defamatory statements in the AI summaries that increa

Bank Info Security
MEDIUMVulnerability

G7 central banks publish report on quantum tech

The G7 Central Bank Quantum Technologies Working Group (QTWG) announces the publication of its report, “Preparing for Quantum Technologies: Key Considerations for Financial Sector Participants.” This document constitutes the first public deliverable of the working group.

Finextra