CVE-2026-44751
Awaiting Analysis Awaiting Analysis - Queue
Privilege Escalation in SAP ABAP Application Server

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: SAP SE

Description
Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact on integrity with low impact on availability and no impact on confidentiality of the application.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-09
Last Modified
2026-06-09
Generated
2026-06-09
AI Q&A
2026-06-09
EPSS Evaluated
N/A
NVD
CVE-2026-44751
EUVD
EUVD-2026-35285
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sap application_server_abap *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the SAP Application Server ABAP where the application server does not perform the necessary authorization checks for an authenticated user.

As a result, an attacker who is already authenticated can execute a report generation command that could overwrite information belonging to another user.

This leads to an escalation of privileges within the application.

Impact Analysis

The vulnerability has a high impact on the integrity of the application because it allows an attacker to overwrite information belonging to other users.

There is a low impact on availability and no impact on confidentiality.

Overall, this means that data within the application can be altered improperly, potentially leading to unauthorized privilege escalation and data integrity issues.

Compliance Impact

This vulnerability allows an attacker to escalate privileges by executing report generation commands that can overwrite information belonging to another user. This impacts the integrity of the application data.

While the vulnerability has no impact on confidentiality and low impact on availability, the high impact on data integrity could affect compliance with standards and regulations such as GDPR and HIPAA, which require maintaining data integrity and preventing unauthorized data modification.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44751. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart