A vulnerability classified as critical was found in SAP webcomponents-base up to 2.20.x. Affected by this vulnerability is the function setThemeRoot. Such manipulation leads to injection.

This vulnerability is traded as CVE-2026-44767. The attack may be launched remotely. There is no exploit available.