9.6

CVE-2026-0509

Medienbericht

EPSS 0.02%
Veröffentlicht 10.02.2026 03:01:52
Zuletzt bearbeitet 17.02.2026 16:04:59
Quelle cna@sap.com
CVE-Watchlists
Login
Unerledigt
Login

Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the confidentiality of the application.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 14 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

SAP ≫ Netweaver As Abap Kernel Version7.22

SAP ≫ Netweaver As Abap Kernel Version7.53

SAP ≫ Netweaver As Abap Kernel Version7.54

SAP ≫ Netweaver As Abap Kernel Version7.77

SAP ≫ Netweaver As Abap Kernel Version7.89

SAP ≫ Netweaver As Abap Kernel Version7.93

SAP ≫ Netweaver As Abap Kernel Version9.16

SAP ≫ Netweaver As Abap Kernel Version9.18

SAP ≫ Netweaver As Abap Kernel Version9.19

SAP ≫ Netweaver As Abap Krnl64nuc Version7.22

SAP ≫ Netweaver As Abap Krnl64nuc Version7.22ext

SAP ≫ Netweaver As Abap Krnl64uc Version7.22

SAP ≫ Netweaver As Abap Krnl64uc Version7.22ext

SAP ≫ Netweaver As Abap Krnl64uc Version7.53

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.052

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@sap.com	9.6	3.1	5.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://www.heise.de/news/Patchday-SAP-CRM-S-4HANA-Angreifer-koennen-Datenbanken-beschaedigen-11172596.html

Media Report

https://url.sap/sapsecuritypatchday

Vendor Advisory

https://me.sap.com/notes/3674774

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2026-0509

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-0509

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-0509

EUVD