CVE-2026-44751
Awaiting Analysis Awaiting Analysis - Queue

Privilege Escalation in SAP ABAP Application Server

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: SAP SE

Description
Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact on integrity with low impact on availability and no impact on confidentiality of the application.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-09
Last Modified
2026-06-09
Generated
2026-06-29
AI Q&A
2026-06-09
EPSS Evaluated
2026-06-28
NVD
CVE-2026-44751
EUVD
EUVD-2026-35285

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
sap application_server_abap *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the SAP Application Server ABAP where the application server does not perform the necessary authorization checks for an authenticated user.

As a result, an attacker who is already authenticated can execute a report generation command that could overwrite information belonging to another user.

This leads to an escalation of privileges within the application.

Impact Analysis

The vulnerability has a high impact on the integrity of the application because it allows an attacker to overwrite information belonging to other users.

There is a low impact on availability and no impact on confidentiality.

Overall, this means that data within the application can be altered improperly, potentially leading to unauthorized privilege escalation and data integrity issues.

Compliance Impact

This vulnerability allows an attacker to escalate privileges by executing report generation commands that can overwrite information belonging to another user. This impacts the integrity of the application data.

While the vulnerability has no impact on confidentiality and low impact on availability, the high impact on data integrity could affect compliance with standards and regulations such as GDPR and HIPAA, which require maintaining data integrity and preventing unauthorized data modification.

Mitigation Strategies

To mitigate this vulnerability, it is recommended to apply the latest security patches provided by SAP for the Application server ABAP.

You can find relevant security notes and updates on SAP Security Notes & News pages.

  • Regularly check and apply SAP Security Notes related to Application server ABAP.
  • Restrict user privileges to minimize the risk of privilege escalation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44751. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart