CVE-2026-0486

CWE-862Missing Authorization3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.0%
top 89.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE Abap Based SAP SystemsSAP Solution Tools Plug-in
Timeline
PublishedFeb 10

Description

In ABAP based SAP systems a remote enabled function module does not perform necessary authorization checks for an authenticated user resulting in disclosure of system information.This has low impact on confidentiality. Integrity and availability are not impacted.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:NExploitability: 3.1 | Impact: 1.4

Affected Packages2 packages

CVEListV5sap_se/abap_based_sap_systems4 versions+3
NVDsap/solution_tools_plug-in4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-cccp-r76h-97r3: In ABAP based SAP systems a remote enabled function module does not perform necessary authorization checks for an authenticated user resulting in disc2026-02-10
CVEList
Missing Authorization Check in ABAP based SAP systems2026-02-10
CVE-2026-0486 (MEDIUM CVSS 4.3) | In ABAP based SAP systems a remote | cvebase.io