CVE-2026-27671
published 2026-06-09

Priority: P262 | Severity: critical | CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.44% (34.9th percentile)

Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high impact on the confidentiality, integrity, and availability of the application.

Affected

13 ranges
Vendor | Product | Version range | Fixed in
sap_se | sap_netweaver_as_abap_and_abap_platform