Privilege Escalation Vulnerability in SAP HANA Database by SAP
CVE-2026-0492

8.8HIGH

Key Information:

Vendor: SAP
Status: SAP Hana Database
Vendor: CVE Published:; 13 January 2026

What is CVE-2026-0492?

The SAP HANA database has a vulnerability that allows an attacker with valid user credentials to escalate privileges by switching to another user's account. This could result in unauthorized access, potentially compromising the confidentiality, integrity, and availability of critical systems. Organizations using SAP HANA should take immediate action to mitigate this risk.

Affected Version(s)

SAP HANA database HDB 2.00

References

https://me.sap.com/notes/3691059

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 13, 2026
Vulnerability Reserved
Dec 9, 2025

CVE-2026-0492 Data

JSON