CVE-2026-0509
CRITICALSAP NetWeaver Application Server ABAP/ABAP Platform - Privilege Esc...
Title source: llmDescription
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the confidentiality of the application.
Scores
CVSS v3
9.6
EPSS
0.0001
EPSS Percentile
2.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Classification
CWE
CWE-862
Status
published
Affected Products (14)
sap/netweaver_as_abap_kernel
sap/netweaver_as_abap_kernel
sap/netweaver_as_abap_kernel
sap/netweaver_as_abap_kernel
sap/netweaver_as_abap_kernel
sap/netweaver_as_abap_kernel
sap/netweaver_as_abap_kernel
sap/netweaver_as_abap_kernel
sap/netweaver_as_abap_kernel
sap/netweaver_as_abap_krnl64nuc
sap/netweaver_as_abap_krnl64nuc
sap/netweaver_as_abap_krnl64uc
sap/netweaver_as_abap_krnl64uc
sap/netweaver_as_abap_krnl64uc
Timeline
Published
Feb 10, 2026
Tracked Since
Feb 18, 2026