CVE-2026-23689

Summary

Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter. This triggers prolonged loop execution that consumes excessive system resources, potentially rendering the system unavailable. Successful exploitation results in a denial-of-service condition that impacts availability, while confidentiality and integrity remain unaffected.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Supply Chain ManagementSCMAPO 713affected
SAP_SESAP Supply Chain Management714affected
SAP_SESAP Supply Chain ManagementSCM 700affected
SAP_SESAP Supply Chain Management701affected
SAP_SESAP Supply Chain Management702affected
SAP_SESAP Supply Chain Management712affected

Weaknesses

  • CWE-606: CWE-606: Unchecked Input for Loop Condition

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References