CVE-2026-44751

HIGH

Missing Authorization check in Application Server ABAP of SAP NetWeaver and ABAP Platform

Title source: cna

Description

Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact on integrity with low impact on availability and no impact on confidentiality of the application.

References (2)

Core 2

Core References

https://me.sap.com/notes/3735546

https://url.sap/sapsecuritypatchday

Scores

CVSS v3 7.1

EPSS 0.0021

EPSS Percentile 10.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-862

Status published

Products (30)

SAP_SE/SAP NetWeaver and ABAP Platform SAP_BASIS 700

SAP_SE/SAP NetWeaver and ABAP Platform SAP_BASIS 701

SAP_SE/SAP NetWeaver and ABAP Platform SAP_BASIS 702

SAP_SE/SAP NetWeaver and ABAP Platform SAP_BASIS 731

SAP_SE/SAP NetWeaver and ABAP Platform SAP_BASIS 740

SAP_SE/SAP NetWeaver and ABAP Platform SAP_BASIS 750

SAP_SE/SAP NetWeaver and ABAP Platform SAP_BASIS 751

SAP_SE/SAP NetWeaver and ABAP Platform SAP_BASIS 752

SAP_SE/SAP NetWeaver and ABAP Platform SAP_BASIS 753

SAP_SE/SAP NetWeaver and ABAP Platform SAP_BASIS 754

... and 20 more

Published Jun 09, 2026

Tracked Since Jun 09, 2026