CVE-2026-23688

CWE-862 — Missing Authorization3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.0%

top 89.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Fiori APP (manage Service Entry Sheets - Lean Services)SAP S4core

Timeline

PublishedFeb 10

Description

SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on integrity, confidentiality and availability are not impacted.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sap_se/sap_fiori_app_(manage_service_entry_sheets_-_lean_services)6 versions+5

▶NVDsap/s4core6 versions+5

🔴Vulnerability Details

CVEList

Missing Authorization check in SAP Fiori App (Manage Service Entry Sheets - Lean Services)↗2026-02-10

▶

GHSA

GHSA-9x42-qr2j-m3w4: SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, resulting in escalation of privil↗2026-02-10

▶