CVE-2026-23689
Undergoing Analysis Undergoing Analysis - In Progress
BaseFortify

Publication date: 2026-02-10

Last updated on: 2026-02-17

Assigner: SAP SE

Description
Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter. This triggers prolonged loop execution that consumes excessive system resources, potentially rendering the system unavailable. Successful exploitation results in a denial-of-service condition that impacts availability, while confidentiality and integrity remain unaffected.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-10
Last Modified
2026-02-17
Generated
2026-05-07
AI Q&A
2026-02-10
EPSS Evaluated
2026-05-05
NVD
CVE-2026-23689
EUVD
EUVD-2026-6444
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
sap supply_chain_management 700
sap supply_chain_management 701
sap supply_chain_management 702
sap supply_chain_management 712
sap advanced_planning_and_optimization 713
sap advanced_planning_and_optimization 714
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-606 The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive looping.
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an uncontrolled resource consumption issue that leads to a Denial of Service (DoS). An authenticated attacker with regular user privileges and network access can repeatedly call a remote-enabled function module using an excessively large loop-control parameter. This causes the function to execute a prolonged loop, consuming excessive system resources.

As a result, the system's availability is impacted because it becomes overwhelmed and potentially unavailable. However, the confidentiality and integrity of the system remain unaffected.


How can this vulnerability impact me? :

The primary impact of this vulnerability is a denial-of-service condition that affects system availability. An attacker exploiting this vulnerability can cause the system to consume excessive resources, potentially making it unavailable to legitimate users.

There is no impact on the confidentiality or integrity of the system, so data theft or modification is not a concern with this vulnerability.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart