CVE-2026-0492
Unknown Unknown - Not Provided
Privilege Escalation in SAP HANA Allows Administrative Access

Publication date: 2026-01-13

Last updated on: 2026-01-13

Assigner: SAP SE

Description
SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid credentials of any user to switch to another user potentially gaining administrative access. This exploit could result in a total compromise of the systemοΏ½s confidentiality, integrity, and availability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-01-13
Generated
2026-06-16
AI Q&A
2026-01-13
EPSS Evaluated
2026-06-15
NVD
CVE-2026-0492
EUVD
EUVD-2026-2389
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sap hana *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability could lead to a total compromise of the system's confidentiality, integrity, and availability by allowing privilege escalation to administrative access. Such a compromise may result in violations of compliance requirements under standards like GDPR and HIPAA, which mandate strict controls over data confidentiality and integrity. Therefore, exploitation of this vulnerability could negatively impact compliance with these regulations.

Executive Summary

This vulnerability in SAP HANA database allows an attacker who already has valid credentials of any user to escalate their privileges by switching to another user, potentially gaining administrative access. This means the attacker can take over the system with high-level permissions.

Impact Analysis

The vulnerability can lead to a total compromise of the system's confidentiality, integrity, and availability. An attacker exploiting this could gain administrative access, allowing them to view, modify, or delete sensitive data and disrupt system operations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0492. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart