CVE-2026-44745

SAP · SAP Approuter

SAP Approuter contains a URL redirection vulnerability in the OAuth2 login flow due to improper request header validation, which may allow attackers to redirect users to malicious sites.

Executive summary

SAP Approuter is vulnerable to a URL redirection flaw that could facilitate phishing or site-spoofing attacks against authenticated users.

Vulnerability

This is a URL Redirection to Untrusted Site (CWE-601) vulnerability occurring during the OAuth2 login process. The flaw is triggered via a network-based attack vector and requires user interaction, but does not require any specific attacker privileges.

Business impact

Successful exploitation allows an attacker to manipulate the login flow to redirect users to arbitrary, potentially malicious, websites. This poses a significant risk of credential harvesting and phishing, which could lead to unauthorized account access or compromise of sensitive internal data, justifying the high CVSS score of 8.1.

Remediation

Immediate Action: Update the SAP Approuter node.js package to version 21.2.0 or later as specified by the vendor.

Proactive Monitoring: Monitor access logs for unusual redirect patterns or traffic originating from the login endpoint toward suspicious or external domains.

Compensating Controls: Implement strict Content Security Policy (CSP) headers and validate redirect destinations at the application firewall level to prevent unauthorized outbound traffic.

Exploitation status

Public Exploit Available: No (Exploit status unknown)

Analyst recommendation

The high severity of this vulnerability necessitates immediate attention to prevent potential phishing campaigns targeting organizational users. Administrators should prioritize updating to the patched version of the SAP Approuter package to fully remediate the underlying flaw in the OAuth2 redirect logic.