CVE-2010-5326
SAP NetWeaver Remote Code Execution Vulnerability
CVSS
—
No CVSS
EPSS
17.4%
p97
KEV
YES
Nov 3, 2021
Exploit Today
79
0-100
Published: — · Last modified: —
17.4%EPSS · 30 days17.4%
2026-06-302026-07-16
Product
SAP / NetWeaver
Vulnerability
SAP NetWeaver Remote Code Execution Vulnerability
Added to KEV
Nov 3, 2021
Remediate by
May 3, 2022
Known ransomware use
No
Summary description
SAP NetWeaver Application Server Java Platforms Invoker Servlet does not require authentication, allowing for remote code execution via a HTTP or HTTPS request.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2010-5326
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2025-31324—99.9%
KEV—80SAP NetWeaver Unrestricted File Upload Vulnerability—CVE-2017-12637—99.8%
KEV—80SAP NetWeaver Directory Traversal Vulnerability—CVE-2020-6287—99.8%
KEV—80SAP NetWeaver Missing Authentication for Critical Function Vulnerability—CVE-2016-2386—99.3%
KEV—80SAP NetWeaver SQL Injection Vulnerability—CVE-2016-2388—98.8%
KEV—80SAP NetWeaver Information Disclosure Vulnerability—CVE-2016-3976—98.7%
KEV—80SAP NetWeaver Directory Traversal Vulnerability—