CVE-2026-27689
Denial of Service via Resource Exhaustion in SAP Remote Function Module
Publication date: 2026-03-10
Last updated on: 2026-03-10
Assigner: SAP SE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-606 | The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive looping. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an uncontrolled resource consumption issue that allows an authenticated attacker with regular user privileges and network access to repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter.
This causes a prolonged loop execution that consumes excessive system resources, potentially making the system unavailable.
The result is a denial-of-service condition affecting system availability, while confidentiality and integrity are not impacted.
How can this vulnerability impact me? :
The vulnerability can lead to a denial-of-service (DoS) condition by exhausting system resources through prolonged loop execution.
This means the affected system may become unavailable or unresponsive, disrupting normal operations.
However, it does not affect the confidentiality or integrity of the system or its data.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know