CVE-2026-27681
published 2026-04-14CVE-2026-27681: Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL…
PriorityP266critical9.9CVSS 3.1
AVNACLPRLUINSCCHIHAH
EPSS
0.50%
39.0th percentile
Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of the system.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap_se | sap_business_planning_and_consolidation_and_sap_business_warehouse | — | — |
| sap_se | sap_business_planning_and_consolidation_and_sap_business_warehouse | — | — |
| sap_se | sap_business_planning_and_consolidation_and_sap_business_warehouse | — | — |
| sap_se | sap_business_planning_and_consolidation_and_sap_business_warehouse | — | — |
| sap_se | sap_business_planning_and_consolidation_and_sap_business_warehouse | — | — |
| sap_se | sap_business_planning_and_consolidation_and_sap_business_warehouse | — | — |
| sap_se | sap_business_planning_and_consolidation_and_sap_business_warehouse | — | — |
| sap_se | sap_business_planning_and_consolidation_and_sap_business_warehouse | — | — |
| sap_se | sap_business_planning_and_consolidation_and_sap_business_warehouse | — | — |
| sap_se | sap_business_planning_and_consolidation_and_sap_business_warehouse | — | — |
| sap_se | sap_business_planning_and_consolidation_and_sap_business_warehouse | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Hackernews
⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
blogs_hackernews·2026-04-20
CVE-2026-20184 ⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## ⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. Even update channels are used to push payloads. It’s not breaking systems—it’s bending trust.
There’s also a shift in how attacks run. Slower check-ins, multi-stage payloads, andmore code kept in memory. Attackers lean on real tools and normal workflows instead of custom builds. Some cas
Hackernews
April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
blogs_hackernews·2026-04-15·CVSS 9.9
[CRITICAL] April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April's Patch Tuesday releases.
Topping the list is an SQL injection vulnerability impacting SAP Business Planning and Consolidation and SAP Business Warehouse ( CVE-2026-27681 , CVSS score: 9.9) that could result in the execution of arbitrary database commands.
"The vulnerable ABAP program allows a low-privileged user to upload a file with arbitrary SQL statements that will then be executed," Onapsis said in an a
2026-04-14
Published