CVE-2026-27673
Missing Authorization Check in SAP S/4HANA (Private Cloud and On-Premise)
CVSS Score
4.9
EPSS Score
0.0%
EPSS Percentile
9th
Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations which could leads to no impact on Confidentiality, Low impact on Integrity and Availability of the application.
| Vendor | sap_se |
| Product | sap s/4hana (private cloud and on-premise) |
| Published | Apr 14, 2026 |
| Last Updated | Apr 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for sap_se sap s/4hana (private cloud and on-premise)
Be the first to know when new medium vulnerabilities affecting sap_se sap s/4hana (private cloud and on-premise) are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
Low
Affected Versions
SAP_SE / SAP S/4HANA (Private Cloud and On-Premise)
S4CORE 105 106 107 108 109 FI-CA 606 616 617 618