CVE-2026-0492
Unknown Unknown - Not Provided

Privilege Escalation in SAP HANA Allows Administrative Access

Vulnerability report for CVE-2026-0492, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-13

Last updated on: 2026-01-13

Assigner: SAP SE

Description

SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid credentials of any user to switch to another user potentially gaining administrative access. This exploit could result in a total compromise of the systemοΏ½s confidentiality, integrity, and availability.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-13
Last Modified
2026-01-13
Generated
2026-07-06
AI Q&A
2026-01-13
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
sap hana *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

This vulnerability could lead to a total compromise of the system's confidentiality, integrity, and availability by allowing privilege escalation to administrative access. Such a compromise may result in violations of compliance requirements under standards like GDPR and HIPAA, which mandate strict controls over data confidentiality and integrity. Therefore, exploitation of this vulnerability could negatively impact compliance with these regulations.

Executive Summary

This vulnerability in SAP HANA database allows an attacker who already has valid credentials of any user to escalate their privileges by switching to another user, potentially gaining administrative access. This means the attacker can take over the system with high-level permissions.

Impact Analysis

The vulnerability can lead to a total compromise of the system's confidentiality, integrity, and availability. An attacker exploiting this could gain administrative access, allowing them to view, modify, or delete sensitive data and disrupt system operations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0492. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart