CVE-2026-0509
Undergoing Analysis Undergoing Analysis - In Progress
Improper Authorization in SAP NetWeaver ABAP Causes Integrity Impact

Publication date: 2026-02-10

Last updated on: 2026-02-17

Assigner: SAP SE

Description
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the confidentiality of the application.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-10
Last Modified
2026-02-17
Generated
2026-05-06
AI Q&A
2026-02-10
EPSS Evaluated
2026-05-05
NVD
CVE-2026-0509
EUVD
EUVD-2026-6472
Affected Vendors & Products
Showing 14 associated CPEs
Vendor Product Version / Range
sap netweaver_as_abap_krnl64uc 7.22ext
sap netweaver_as_abap_krnl64uc 7.53
sap netweaver_as_abap_krnl64uc 7.22
sap netweaver_as_abap_kernel 7.22
sap netweaver_as_abap_kernel 7.53
sap netweaver_as_abap_kernel 7.77
sap netweaver_as_abap_krnl64nuc 7.22ext
sap netweaver_as_abap_krnl64nuc 7.22
sap netweaver_as_abap_kernel 7.89
sap netweaver_as_abap_kernel 7.54
sap netweaver_as_abap_kernel 7.93
sap netweaver_as_abap_kernel 9.16
sap netweaver_as_abap_kernel 9.18
sap netweaver_as_abap_kernel 9.19
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in SAP NetWeaver Application Server ABAP and ABAP Platform. It allows an authenticated user with low privileges to perform background Remote Function Calls (RFCs) without having the required S_RFC authorization in certain situations.

Essentially, this means that users who should not have permission to execute certain remote functions can bypass authorization checks and perform these actions.


How can this vulnerability impact me? :

The vulnerability can have a high impact on the integrity and availability of the affected SAP system.

Since unauthorized background Remote Function Calls can be executed, it may lead to unauthorized changes or disruptions in the system's operations.

However, there is no impact on the confidentiality of the application, meaning sensitive data exposure is not a concern in this case.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart