CVE-2026-23689

HIGH

SAP Supply Chain Management and Advanced Planning and Optimization - Denial of Service via Resource Consumption

Title source: llm

Description

Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter. This triggers prolonged loop execution that consumes excessive system resources, potentially rendering the system unavailable. Successful exploitation results in a denial-of-service condition that impacts availability, while confidentiality and integrity remain unaffected.

References (2)

[Permissions Required] https://me.sap.com/notes/3703092

[Vendor Advisory] https://url.sap/sapsecuritypatchday

Scores

CVSS v3 7.7

EPSS 0.0011

EPSS Percentile 28.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-770 CWE-606

Status published

Products (6)

sap/advanced_planning_and_optimization 713

sap/advanced_planning_and_optimization 714

sap/supply_chain_management 700

sap/supply_chain_management 701

sap/supply_chain_management 702

sap/supply_chain_management 712

Published Feb 10, 2026

Tracked Since Feb 18, 2026