CyberRota
← Ana sayfaya dön

CVE-2026-44767

MEDIUM · CVSS 6.1 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-14T01:16:18.140 · Çekilme zamanı: 2026-07-14T06:06:19.951586+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

Tespit Edilen Sinyaller
exploit
GitHub PoC Linkleri

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-44767
Severity
MEDIUM
CVSS
6.1
EPSS
Yok

Orijinal NVD Açıklaması

setThemeRoot() failed to enforce the sap-allowed-theme-origins allowlist. An attacker-controlled absolute cross-origin URL could be stored and used directly to construct a <link rel=stylesheet> element, even when no <meta name=sap-allowed-theme-origins> tag was present in the document. The same bypass was reachable via the ?sap-themeRoot URL parameter.Exploitation requires attacker-influenced input (e.g., a URL query parameter, tenant configuration, or user-supplied setting) to reach setThemeRoot(). A successful exploit allows an attacker to inject arbitrary CSS into the victim page, enabling:- UI redressing and clickjacking- Phishing overlays- Visual defacement- Limited data exfiltration via CSS attribute selectors targeting predictable DOM content