Loading
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
Use CWE-444, Sap vendor hub and Content Server product page to widen CVE-2022-22536 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2023-40309, CVE-2023-40308 and CVE-2024-33005 for nearby disclosures in the same product family. Additional editorial context is available in The Weekly Cybersecurity Brief: February 13th, 2026.