CVE-2026-34256
Missing Authorization check in SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise)
CVSS Score
7.1
EPSS Score
0.0%
EPSS Percentile
11th
Due to a missing authorization check in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise), an authenticated attacker could execute a particular ABAP report to overwrite any existing eight?character executable ABAP report without authorization. If the overwritten report is subsequently executed, the intended functionality could become unavailable. Successful exploitation impacts availability, with a limited impact on integrity confined to the affected report, while confidentiality remains unaffected.
| Vendor | sap_se |
| Product | sap erp and sap s/4 hana (private cloud and on-premise) |
| Published | Apr 14, 2026 |
| Last Updated | Apr 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for sap_se sap erp and sap s/4 hana (private cloud and on-premise)
Be the first to know when new high vulnerabilities affecting sap_se sap erp and sap s/4 hana (private cloud and on-premise) are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High
Affected Versions
SAP_SE / SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise)
SAP_FIN 618 720 730 EA-FIN 617 700 SAPSCORE 135 S4CORE 102 103 104 105 106 107 108 109 EA-APPL 600 602 603 604 605 606