CVE-2026-23689
Undergoing Analysis - In Progress
BaseFortify

Publication date: 2026-02-10

Last updated on: 2026-02-17

Assigner: SAP SE

Description
Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter. This triggers prolonged loop execution that consumes excessive system resources, potentially rendering the system unavailable. Successful exploitation results in a denial-of-service condition that impacts availability, while confidentiality and integrity remain unaffected.
Meta Information
Published: 2026-02-10
Last Modified: 2026-02-17
Generated: 2026-06-16
AI Q&A: 2026-02-10
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 6 associated CPEs
Vendor   Product                              Version / Range
sap      supply_chain_management              700
sap      supply_chain_management              701
sap      supply_chain_management              702
sap      supply_chain_management              712
sap      advanced_planning_and_optimization   713
sap      advanced_planning_and_optimization   714
CWE
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
CWE-606 The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive looping.
Executive Summary

This vulnerability is an uncontrolled resource consumption issue that leads to a Denial of Service (DoS). An authenticated attacker with regular user privileges and network access can repeatedly call a remote-enabled function module using an excessively large loop-control parameter. This causes the function to execute a prolonged loop, consuming excessive system resources.

As a result, the system's availability is impacted because it becomes overwhelmed and potentially unavailable. However, the confidentiality and integrity of the system remain unaffected.

Impact Analysis

The primary impact of this vulnerability is a denial-of-service condition that affects system availability. An attacker exploiting this vulnerability can cause the system to consume excessive resources, potentially making it unavailable to legitimate users.

There is no impact on the confidentiality or integrity of the system, so data theft or modification is not a concern with this vulnerability.
