Platform
sap
Component
sap-wily-introscope-enterprise-manager-workstation
Fixed in
10.8.1
CVE-2026-0500 is a critical Remote Code Execution (RCE) vulnerability affecting SAP Wily Introscope Enterprise Manager (WorkStation). This vulnerability allows an unauthenticated attacker to execute arbitrary operating system commands on the victim's machine through a crafted JNLP file. The vulnerability impacts versions 10.8 of the product and is resolved in version 10.8.1.
The impact of CVE-2026-0500 is severe. A successful exploit allows an attacker to gain complete control over the affected system. This includes the ability to read, modify, and delete sensitive data, install malware, and potentially pivot to other systems within the network. The attack vector involves crafting a malicious JNLP file and hosting it on a publicly accessible URL. When a user clicks on this URL, the Wily Introscope Server executes the attacker's commands, leading to full system compromise. This resembles previous JNLP-based exploitation techniques, highlighting the potential for widespread impact if unpatched systems remain exposed.
CVE-2026-0500 was publicly disclosed on January 13, 2026. Its criticality (CVSS 9.6) and the ease of exploitation (requiring no authentication) suggest a high probability of exploitation. While no public proof-of-concept (PoC) has been released at the time of writing, the vulnerability's nature makes it a likely candidate for exploitation in the wild. It is recommended to prioritize patching to prevent potential compromise.
Exploit Status
EPSS
0.12% (31% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-0500 is to immediately upgrade SAP Wily Introscope Enterprise Manager (WorkStation) to version 10.8.1 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting access to the Wily Introscope Server through a Web Application Firewall (WAF) or proxy, blocking access to potentially malicious JNLP files. Monitor network traffic for suspicious JNLP file downloads and execution attempts. Review and restrict user permissions to minimize the potential impact of a successful exploit.
Aplicar la actualización de seguridad proporcionada por SAP según la nota 3668679. Esto solucionará la vulnerabilidad en el componente de terceros y evitará la ejecución remota de código. Consulte la documentación de SAP para obtener instrucciones detalladas sobre cómo aplicar la actualización.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-0500 is a critical Remote Code Execution vulnerability in SAP Wily Introscope Enterprise Manager (WorkStation) allowing attackers to execute OS commands via a malicious JNLP file.
Yes, if you are running SAP Wily Introscope Enterprise Manager (WorkStation) version 10.8, you are affected by this vulnerability.
Upgrade to version 10.8.1 or later to remediate the vulnerability. If immediate upgrade is not possible, implement temporary workarounds like WAF rules.
While no public exploit is currently available, the vulnerability's severity and ease of exploitation suggest a high probability of exploitation in the wild.
Refer to the official SAP Security Advisory for detailed information and remediation steps: [https://www.sap.com/security/bulletins.html](https://www.sap.com/security/bulletins.html)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.