CVE-2026-0484

CWE-601 — Open Redirect CWE-862 — Missing Authorization3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.0%

top 98.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Application Server Abap AND SAP S/4hana SAP SAP Basis

Timeline

PublishedFeb 10

Description

Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on integrity of the application with no effect on the confidentiality and availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_application_server_abap_and_sap_s/4hana15 versions+14

▶NVDsap/sap_basis15 versions+14

🔴Vulnerability Details

GHSA

GHSA-56mv-mq74-fqqv: Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transac↗2026-02-10

▶

CVEList

Missing Authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA↗2026-02-10

▶