Input Validation Flaw in SAP S/4HANA Private Cloud Financials General Ledger
CVE-2026-0501
9.9 CRITICAL
Key Information:
- Vendor: SAP
- CVE Published: 13 January 2026
What is CVE-2026-0501?
A vulnerability exists in SAP S/4HANA Private Cloud and On-Premise that stems from insufficient input validation, potentially allowing an authenticated user to craft and execute malicious SQL queries. This could lead to unauthorized access to backend database data, resulting in unauthorized reading, modifying, or deletion of sensitive information. The flaw poses significant risks to the application's confidentiality, integrity, and availability.
Affected Version(s)
SAP S/4HANA Private Cloud and On-Premise (Financials - General Ledger) S4CORE 102
SAP S/4HANA Private Cloud and On-Premise (Financials - General Ledger) 103
SAP S/4HANA Private Cloud and On-Premise (Financials - General Ledger) 104
CVSS V3.1
- Score: 9.9
- Severity: CRITICAL
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved