CVE-2026-0492

HIGH

SAP HANA Database - Privilege Escalation via User Switching

Title source: llm

Description

SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid credentials of any user to switch to another user potentially gaining administrative access. This exploit could result in a total compromise of the system�s confidentiality, integrity, and availability.

References (2)

Core 2

Core References

Permissions Required

https://me.sap.com/notes/3691059

Patch

https://url.sap/sapsecuritypatchday

Scores

CVSS v3 8.8

EPSS 0.0008

EPSS Percentile 22.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-306

Status published

Products (1)

sap/hana_database 2.00

Published Jan 13, 2026

Tracked Since Feb 18, 2026