CVE-2026-27673

Summary

Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations which could leads to no impact on Confidentiality, Low impact on Integrity and Availability of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP S/4HANA (Private Cloud and On-Premise)S4CORE 105affected
SAP_SESAP S/4HANA (Private Cloud and On-Premise)106affected
SAP_SESAP S/4HANA (Private Cloud and On-Premise)107affected
SAP_SESAP S/4HANA (Private Cloud and On-Premise)108affected
SAP_SESAP S/4HANA (Private Cloud and On-Premise)109affected
SAP_SESAP S/4HANA (Private Cloud and On-Premise)FI-CA 606affected
SAP_SESAP S/4HANA (Private Cloud and On-Premise)616affected
SAP_SESAP S/4HANA (Private Cloud and On-Premise)617affected
SAP_SESAP S/4HANA (Private Cloud and On-Premise)618affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References