CVE-2026-24326
Undergoing Analysis Undergoing Analysis - In Progress
Authorization Bypass in SAP S/4HANA Disconnected Operations Allows Data Integrity Impact

Publication date: 2026-02-10

Last updated on: 2026-02-17

Assigner: SAP SE

Description
Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Security, an attacker with user privileges could call remote-enabled function modules to do direct update on standard SAP database table . This results in low impact on integrity, with no impact on confidentiality or availability of the application.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-10
Last Modified
2026-02-17
Generated
2026-06-16
AI Q&A
2026-02-10
EPSS Evaluated
2026-06-14
NVD
CVE-2026-24326
EUVD
EUVD-2026-6479
Affected Vendors & Products
Showing 19 associated CPEs
Vendor Product Version / Range
sap s/4hana_defense_&_security 600
sap s/4hana_defense_&_security 603
sap s/4hana_defense_&_security 604
sap s/4hana_defense_&_security 605
sap s/4hana_defense_&_security 606
sap s/4hana_defense_&_security 616
sap s/4hana_defense_&_security 617
sap s/4hana_defense_&_security 618
sap s/4hana_defense_&_security 619
sap s/4hana_defense_&_security 800
sap s/4hana_defense_&_security 801
sap s/4hana_defense_&_security 802
sap s/4hana_defense_&_security 803
sap s/4hana_defense_&_security 804
sap s/4hana_defense_&_security 805
sap s/4hana_defense_&_security 806
sap s/4hana_defense_&_security 807
sap s/4hana_defense_&_security 808
sap s/4hana_defense_&_security 809
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists due to a missing authorization check in the Disconnected Operations feature of SAP S/4HANA Defense & Security. An attacker who already has user privileges can exploit this by calling remote-enabled function modules to directly update standard SAP database tables.

The vulnerability does not affect confidentiality or availability but has a low impact on data integrity.

Impact Analysis

The main impact of this vulnerability is on the integrity of the data within the SAP system. An attacker with user privileges could modify data directly in the database, potentially leading to unauthorized or incorrect data changes.

There is no impact on the confidentiality or availability of the application, so sensitive data exposure or service disruption are not concerns related to this vulnerability.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24326. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart