CVE-2026-0493

MEDIUM

SAP Fiori App Intercompany Balance Reconciliation - CSRF

Title source: llm

Description

Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App Intercompany Balance Reconciliation an attacker could execute state?changing actions using an inappropriate request type, this deviation from expected request semantics may allow an attacker to trigger unintended actions on behalf of an authenticated user causing low impact on integrity of the system. This has no impact on confidentiality and availability.

References (2)

[Vendor Advisory] https://url.sap/sapsecuritypatchday

[Vendor Advisory] https://me.sap.com/notes/3655229

Scores

CVSS v3 4.3

EPSS 0.0002

EPSS Percentile 4.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Classification

CWE

CWE-352

Status draft

Timeline

Published Jan 13, 2026

Tracked Since Feb 18, 2026