A vulnerability classified as problematic was found in SAP Business Server Pages Application 740/758 . Affected is an unknown function of the component TAF_APPLAUNCHER . The manipulation results in cross site scripting. This vulnerability is reported as CVE-2026-40137 . The attack can be launched remotely. No exploit exists. A patch should be applied to remediate this issue.