CVE-2026-0492

CWE-306 — Missing Authentication4 documents4 sources

Severity

8.8HIGH

EPSS

0.1%

top 81.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Hana Database SAP Hana Database

Timeline

PublishedJan 13

Description

SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid credentials of any user to switch to another user potentially gaining administrative access. This exploit could result in a total compromise of the system�s confidentiality, integrity, and availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDsap/hana_database2.00

▶CVEListV5sap_se/sap_hana_databaseHDB 2.00

Patches

Patch: url.sap ↗

🔴Vulnerability Details

CVEList

Privilege escalation vulnerability in SAP HANA database↗2026-01-13

▶

GHSA

GHSA-67mq-54j2-cv5m: SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid credentials of any user to switch to another user potentially↗2026-01-13

▶

🕵️Threat Intelligence

Wiz

CVE-2026-0492 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶