9.8

CVE-2026-27671

Medienbericht

Memory Corruption vulnerability in Application Server ABAP of SAP NetWeaver and ABAP Platform

Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high impact on the confidentiality, integrity, and availability of the application.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSAP_SE
Produkt SAP NetWeaver AS ABAP and ABAP Platform
Default Statusunaffected
Version KRNL64NUC 7.22
Status affected
Version 7.22EXT
Status affected
Version KRNL64UC 7.22
Status affected
Version 722EXT
Status affected
Version 7.53
Status affected
Version KERNEL 7.22
Status affected
Version 7.54
Status affected
Version 7.77
Status affected
Version 7.89
Status affected
Version 7.93
Status affected
Version 9.16
Status affected
Version 9.18
Status affected
Version 91.9
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.44% 0.348
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cna@sap.com 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
15.06.2026 17:02
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
10.06.2026 17:43
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
09.06.2026 21:57
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
09.06.2026 13:56
https://url.sap/sapsecuritypatchday
https://me.sap.com/notes/3717897