CVE-2026-0492
Privilege Escalation in SAP HANA Allows Administrative Access
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: SAP SE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | hana | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in SAP HANA database allows an attacker who already has valid credentials of any user to escalate their privileges by switching to another user, potentially gaining administrative access. This means the attacker can take over the system with high-level permissions.
How can this vulnerability impact me? :
The vulnerability can lead to a total compromise of the system's confidentiality, integrity, and availability. An attacker exploiting this could gain administrative access, allowing them to view, modify, or delete sensitive data and disrupt system operations.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability could lead to a total compromise of the system's confidentiality, integrity, and availability by allowing privilege escalation to administrative access. Such a compromise may result in violations of compliance requirements under standards like GDPR and HIPAA, which mandate strict controls over data confidentiality and integrity. Therefore, exploitation of this vulnerability could negatively impact compliance with these regulations.