CVE-2026-0496

MEDIUM

SAP Fiori App Intercompany Balance Reconciliation - File Upload

Title source: llm

Description

SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to upload any file (including script files) without proper file format validation. This has low impact on confidentiality, integrity and availability of the application.

References (2)

[Vendor Advisory] https://me.sap.com/notes/3565506

[Vendor Advisory] https://url.sap/sapsecuritypatchday

Scores

CVSS v3 6.6

EPSS 0.0005

EPSS Percentile 15.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-434

Status published

Products (14)

SAP_SE/SAP Fiori App (Intercompany Balance Reconciliation) 103

SAP_SE/SAP Fiori App (Intercompany Balance Reconciliation) 104

SAP_SE/SAP Fiori App (Intercompany Balance Reconciliation) 105

SAP_SE/SAP Fiori App (Intercompany Balance Reconciliation) 106

SAP_SE/SAP Fiori App (Intercompany Balance Reconciliation) 107

SAP_SE/SAP Fiori App (Intercompany Balance Reconciliation) 108

SAP_SE/SAP Fiori App (Intercompany Balance Reconciliation) 600

SAP_SE/SAP Fiori App (Intercompany Balance Reconciliation) 700

SAP_SE/SAP Fiori App (Intercompany Balance Reconciliation) 800

SAP_SE/SAP Fiori App (Intercompany Balance Reconciliation) 900

... and 4 more

Published Jan 13, 2026

Tracked Since Feb 18, 2026