SAP NetWeaver JMS Service Deserialization Vulnerability Leading to Denial-of-Service

Vulnerability

A deserialization vulnerability has been identified in the JMS service of SAP NetWeaver. This issue allows an authenticated administrator with local access to send specially crafted content to the server. If the application processes this content, it could disrupt internal logic execution, potentially causing a denial-of-service condition. While this vulnerability significantly impacts availability, it does not affect confidentiality or integrity.

Impact

Exploitation of this vulnerability could lead to a denial-of-service condition, causing significant disruption to service availability.

Remediation

Security fixes for this vulnerability will be included in the SAP Security Patch Day, scheduled for the second Tuesday of each month. For details on how to access and implement these security notes, refer to the SAP Security Notes FAQ.

Added: Feb 10, 2026, 7:11 AM
Updated: Feb 10, 2026, 7:11 AM

Vulnerability Rating

Custom Algorithm

spread: 6.2
impact: 2.5
exploitability: 3.0
remediation: 8.3
relevance: 2.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.