CVE-2026-34262
Information Disclosure in SAP HANA Cockpit and Database Explorer
Publication date: 2026-04-14
Last updated on: 2026-05-04
Assigner: SAP SE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | hana_cockpit | to 2.18.2 (exc) |
| sap | hana_database_explorer | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-522 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Information Disclosure issue found in SAP HANA Cockpit and SAP HANA Database Explorer. It allows unauthorized or less privileged users to gain access to sensitive information that they should not normally see.
How can this vulnerability impact me? :
The impact of this vulnerability is primarily the exposure of confidential information. Since it is an information disclosure vulnerability with a CVSS base score of 5.0, it means that attackers with network access and low privileges can potentially access sensitive data, which could lead to privacy breaches or aid further attacks.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
Information disclosure vulnerabilities can negatively affect compliance with data protection regulations such as GDPR and HIPAA because unauthorized access to sensitive personal or health information may violate requirements for confidentiality and data security.