CVE-2026-27675

LOW

Code Injection vulnerability in SAP Landscape Transformation

Title source: cna

Description

SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or degree. This leads to a low impact on integrity, while confidentiality and availability are not impacted.

References (2)

https://me.sap.com/notes/3723097

https://url.sap/sapsecuritypatchday

Scores

CVSS v3 2.0

EPSS 0.0003

EPSS Percentile 8.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-94

Status published

Products (14)

SAP_SE/SAP Landscape Transformation 103

SAP_SE/SAP Landscape Transformation 104

SAP_SE/SAP Landscape Transformation 105

SAP_SE/SAP Landscape Transformation 106

SAP_SE/SAP Landscape Transformation 107

SAP_SE/SAP Landscape Transformation 108

SAP_SE/SAP Landscape Transformation 109

SAP_SE/SAP Landscape Transformation 2011_1_710

SAP_SE/SAP Landscape Transformation 2011_1_730

SAP_SE/SAP Landscape Transformation 2011_1_731

... and 4 more

Published Apr 14, 2026

Tracked Since Apr 14, 2026