CVE-2026-0484
Undergoing Analysis
Undergoing Analysis - In Progress
Authorization Bypass in SAP NetWeaver ABAP Affecting Data Integrity
Publication date: 2026-02-10
Last updated on: 2026-02-17
Assigner: SAP SE
Description
Description
Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on integrity of the application with no effect on the confidentiality and availability.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | sap_basis | 700 |
| sap | sap_basis | 701 |
| sap | sap_basis | 702 |
| sap | sap_basis | 731 |
| sap | sap_basis | 740 |
| sap | sap_basis | 750 |
| sap | sap_basis | 751 |
| sap | sap_basis | 752 |
| sap | sap_basis | 753 |
| sap | sap_basis | 754 |
| sap | sap_basis | 755 |
| sap | sap_basis | 756 |
| sap | sap_basis | 757 |
| sap | sap_basis | 758 |
| sap | sap_basis | 816 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
