CVE-2026-40133

MEDIUM 6.3

Missing Authorization check in SAP S/4HANA Condition Maintenance

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

2th

Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact on the confidentiality and integrity of the data. Additionally, this vulnerability may prevent the legitimate user from accessing the records, causing low impact on application availability.

Vendor	sap_se
Product	sap s/4hana condition maintenance
Published	May 12, 2026
Last Updated	May 12, 2026

Stay Ahead of the Next One

Get instant alerts for sap_se sap s/4hana condition maintenance

Be the first to know when new medium vulnerabilities affecting sap_se sap s/4hana condition maintenance are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Affected Versions

SAP_SE / SAP S/4HANA Condition Maintenance

S4CORE 102 103 104 105 106 107 108 109

References

NVD ↗ CVE.org ↗ EPSS Data ↗

me.sap.com: https://me.sap.com/notes/3718083 url.sap: https://url.sap/sapsecuritypatchday