CVE-2026-24317

Summary

SAP GUI for Windows allows DLL files to be loaded from arbitrary directories within the application. An unauthenticated attacker could exploit this vulnerability by persuading a victim to place a malicious DLL within one of these directories. The malicious command is executed in the victim user's context provided GuiXT is enabled. This vulnerability has a low impact on confidentiality, integrity, and availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP GUI for Windows with active GuiXTBC-FES-GUI 8.00affected

Weaknesses

  • CWE-427: CWE-427: Uncontrolled Search Path Element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References