A vulnerability classified as critical was found in SAP webcomponents-base up to 2.20.x. Affected by this vulnerability is the function
setThemeRoot. Such manipulation leads to injection.
This vulnerability is traded as CVE-2026-44767. The attack may be launched remotely. There is no exploit available.