CVE-2026-0509: SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the…

critical9.6CVSS 3.1

AVNACLPRLUINSCCNIHAH

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the confidentiality of the application.

Affected

26 ranges· showing 25

Vendor	Product	Version range	Fixed in
sap	netweaver_as_abap_kernel	—	—
sap	netweaver_as_abap_kernel	—	—
sap	netweaver_as_abap_kernel	—	—
sap	netweaver_as_abap_kernel	—	—
sap	netweaver_as_abap_kernel	—	—
sap	netweaver_as_abap_kernel	—	—
sap	netweaver_as_abap_kernel	—	—
sap	netweaver_as_abap_kernel	—	—
sap	netweaver_as_abap_kernel	—	—
sap	netweaver_as_abap_krnl64nuc	—	—
sap	netweaver_as_abap_krnl64nuc	—	—
sap	netweaver_as_abap_krnl64uc	—	—
sap	netweaver_as_abap_krnl64uc	—	—
sap	netweaver_as_abap_krnl64uc	—	—
sap_se	sap_netweaver_application_server_abap_and_abap_platform	—	—
sap_se	sap_netweaver_application_server_abap_and_abap_platform	—	—
sap_se	sap_netweaver_application_server_abap_and_abap_platform	—	—
sap_se	sap_netweaver_application_server_abap_and_abap_platform	—	—
sap_se	sap_netweaver_application_server_abap_and_abap_platform	—	—
sap_se	sap_netweaver_application_server_abap_and_abap_platform	—	—
sap_se	sap_netweaver_application_server_abap_and_abap_platform	—	—
sap_se	sap_netweaver_application_server_abap_and_abap_platform	—	—
sap_se	sap_netweaver_application_server_abap_and_abap_platform	—	—
sap_se	sap_netweaver_application_server_abap_and_abap_platform	—	—
sap_se	sap_netweaver_application_server_abap_and_abap_platform	—	—