anonhaven
Ad

CVE-2026-34256

HIGH CVSS 3.1: 7.1
Updated Apr 17, 2026
SAP
Parameter Value
CVSS 7.1 (HIGH)
Type CWE-862 (Missing Authorization)
Vendor SAP
Public PoC No

Due to a missing authorization check in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise), an authenticated attacker could execute a particular ABAP report to overwrite any existing eight?character executable ABAP report without authorization. If the overwritten report is subsequently executed, the intended functionality could become unavailable. Successful exploitation impacts availability, with a limited impact on integrity confined to the affected report, while confidentiality remains unaffected.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
None
No data leak
Integrity
Low
Partial data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-862 Missing Authorization

References 2

https://me.sap.com/notes/3731908
cna@sap.com
https://url.sap/sapsecuritypatchday
cna@sap.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-34264

SAP

6.5

CVE-2026-34262

SAP

5.0

CVE-2026-34261

SAP

6.5

CVE-2026-34257

SAP

6.1

CVE-2026-27683

SAP

4.1