CVE-2026-40133
SAP S/4HANA Condition Maintenance Authorization Bypass
Publication date: 2026-05-12
Last updated on: 2026-05-12
Assigner: SAP SE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | s_4hana | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in SAP S/4HANA Condition Maintenance due to a missing authorization check. An authenticated attacker can exploit this flaw to gain unauthorized access to view and modify condition table records.
The impact on confidentiality and integrity of the data is considered low, but the attacker can still alter data they should not have access to.
Additionally, this vulnerability may cause legitimate users to be unable to access these records, resulting in a low impact on application availability.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized viewing and modification of condition table records within SAP S/4HANA, which may compromise the accuracy and trustworthiness of your data.
It may also disrupt normal operations by preventing legitimate users from accessing necessary records, affecting application availability.
Overall, the impacts on confidentiality, integrity, and availability are considered low but could still affect business processes relying on this data.