CVE-2026-0496
Unrestricted File Upload in SAP Fiori Intercompany App
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: SAP SE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | fiori_app_intercompany_balance_reconciliation | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to upload any file, including script files, without proper file format validation. This means the application does not correctly check the type of files being uploaded, which could lead to potential misuse.
How can this vulnerability impact me?
This vulnerability has a low impact on the confidentiality, integrity, and availability of the application. However, because it allows uploading of arbitrary files including scripts, it could potentially be exploited to execute unauthorized actions or disrupt the application if an attacker has high privileges.