CVE-2026-0486

Summary

In ABAP based SAP systems a remote enabled function module does not perform necessary authorization checks for an authenticated user resulting in disclosure of system information.This has low impact on confidentiality. Integrity and availability are not impacted.

Affected Software

VendorProductVersion RangeStatus
SAP_SEABAP based SAP systemsST-PI 2005_1_700affected
SAP_SEABAP based SAP systems2008_1_710affected
SAP_SEABAP based SAP systems740affected
SAP_SEABAP based SAP systems758affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References