🔐 CVE Alert

CVE-2026-58233

HIGH 7.6

Remote Code Execution vulnerability in SAP Change and Transport System Attach Tool (ctsattach)

CVSS Score
7.6
EPSS Score
0.0%
EPSS Percentile
0th

SAP Change and Transport System Attach Tool (ctsattach) allows an authenticated attacker to supply a specially crafted archive file which, when processed by the application�s library, can trigger insecure deserialization and lead to remote code execution (RCE) on the system. Successful exploitation requires a victim to process the malicious archive, enabling the attacker to execute the RCE and extract sensitive information and gain control over the system and its processes. This vulnerability has a high impact on confidentiality and integrity of the data, with a low impact on the availability of the system.

Vendor sap_se
Product sap change and transport system attach tool (ctsattach)
Published Jul 14, 2026
Last Updated Jul 14, 2026
Stay Ahead of the Next One

Get instant alerts for sap_se sap change and transport system attach tool (ctsattach)

Be the first to know when new high vulnerabilities affecting sap_se sap change and transport system attach tool (ctsattach) are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
Low

Affected Versions

SAP_SE / SAP Change and Transport System Attach Tool (ctsattach)
CTS_UPLOAD_CLT 1

References

NVD ↗ CVE.org ↗ EPSS Data ↗
me.sap.com: https://me.sap.com/notes/3773304 url.sap: https://url.sap/sapsecuritypatchday