CVE-2026-0488
Published 2026-02-10
CVE-2026-0488: An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized…
Priority P266 · critical · 9.9 · CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.49% (38.4th percentile)
An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impact on confidentiality, integrity, and availability.
Affected
36 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | netweaver_application_server_abap | — | — |
| sap | s_4hana | — | — |
| sap | s_4hana | — | — |
| sap | s_4hana | — | — |
| sap | s_4hana | — | — |
| sap | s_4hana | — | — |
| sap | s_4hana | — | — |
| sap | s_4hana | — | — |
| sap | s_4hana | — | — |
| sap | webclient_ui_framework | — | — |
| sap | webclient_ui_framework | — | — |
| sap | webclient_ui_framework | — | — |
| sap | webclient_ui_framework | — | — |
| sap | webclient_ui_framework | — | — |
| sap | webclient_ui_framework | — | — |
| sap | webclient_ui_framework | — | — |
| sap | webclient_ui_framework | — | — |
| sap | webclient_ui_framework | — | — |
| sap_se | sap_crm_and_sap_s_4hana | — | — |
| sap_se | sap_crm_and_sap_s_4hana | — | — |
| sap_se | sap_crm_and_sap_s_4hana | — | — |
| sap_se | sap_crm_and_sap_s_4hana | — | — |
| sap_se | sap_crm_and_sap_s_4hana | — | — |
| sap_se | sap_crm_and_sap_s_4hana | — | — |
| sap_se | sap_crm_and_sap_s_4hana | — | — |
Detection & IOCs (extracted from sources)
- Monitor for authenticated calls to generic function modules in SAP CRM and SAP S/4HANA (Scripting Editor) that attempt to execute arbitrary SQL statements, which is the core exploitation vector for CVE-2026-0488.
- No public exploit exists for CVE-2026-0488 at time of publication; exploitation requires an authenticated attacker, so monitoring for abnormal authenticated sessions and privilege escalation in SAP CRM / S/4HANA is the primary defensive posture.
- Fixes were made available on February 18–19, 2026 for both Linux and Windows deployments of SAP NetWeaver Application Server ABAP (cpe:2.3:a:sap:netweaver_application_server_abap); ensure patching is applied to all affected platforms.
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-23687 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-23687 [MEDIUM] CVE-2026-23687 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23687: SAP NetWeaver Application Server ABAP vulnerability analysis and mitigation
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data and potential disruption of normal system usage.
Source: NVD
Score: 8.8
Published February 10, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
SAP NetWeaver Application Server ABAP
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4
Exploitation Probability (EPSS) N/A
Affected pa
Wiz
CVE-2026-0488 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-0488 [MEDIUM] CVE-2026-0488 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0488: SAP NetWeaver Application Server ABAP vulnerability analysis and mitigation
An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impact on confidentiality, integrity, and availability.
Source: NVD
Score: 9.9
Published February 10, 2026
Severity CRITICAL
CNA Score 9.9
Affected Technologies
SAP NetWeaver Application Server ABAP
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.2
Exploitation Probability (EPSS) N/A
Affected pac
Wiz
CVE-2026-0509 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-0509 [MEDIUM] CVE-2026-0509 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0509: SAP NetWeaver Application Server ABAP vulnerability analysis and mitigation
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the confidentiality of the application.
Source: NVD
Score: 9.6
Published February 10, 2026
Severity CRITICAL
CNA Score 9.6
Affected Technologies
SAP NetWeaver Application Server ABAP
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2
Wiz
CVE-2026-0506 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.9
CVE-2026-0506 [CRITICAL] CVE-2026-0506 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0506: SAP NetWeaver Application Server ABAP vulnerability analysis and mitigation
Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines (FORMs) in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs and invoke system functionality exposed via FORMs, resulting in a high impact on integrity and availability, while confidentiality remains unaffected.
Source: NVD
Score: 8.1
Published January 13, 2026
Severity HIGH
CNA Score 8.1
Affected Technologies
SAP NetWeaver Application Server ABAP
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exp
2026-02-10
Published