cbcvebase.
CVE-2026-27681
published 2026-04-14

CVE-2026-27681: Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL…

PriorityP266critical9.9CVSS 3.1
AVNACLPRLUINSCCHIHAH
EPSS
0.50%
39.0th percentile
Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of the system.

Affected

11 ranges
VendorProductVersion rangeFixed in
sap_sesap_business_planning_and_consolidation_and_sap_business_warehouse
sap_sesap_business_planning_and_consolidation_and_sap_business_warehouse
sap_sesap_business_planning_and_consolidation_and_sap_business_warehouse
sap_sesap_business_planning_and_consolidation_and_sap_business_warehouse
sap_sesap_business_planning_and_consolidation_and_sap_business_warehouse
sap_sesap_business_planning_and_consolidation_and_sap_business_warehouse
sap_sesap_business_planning_and_consolidation_and_sap_business_warehouse
sap_sesap_business_planning_and_consolidation_and_sap_business_warehouse
sap_sesap_business_planning_and_consolidation_and_sap_business_warehouse
sap_sesap_business_planning_and_consolidation_and_sap_business_warehouse
sap_sesap_business_planning_and_consolidation_and_sap_business_warehouse
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.