Insufficient Input Handling in SAP Identity Management REST Interface
CVE-2026-0504

3.8LOW

Key Information:

Vendor: SAP
Status: SAP Identity Management
Vendor: CVE Published:; 13 January 2026

What is CVE-2026-0504?

The SAP Identity Management REST interface is susceptible to a vulnerability caused by insufficient handling of input data. This flaw enables an authenticated administrator to send malicious REST requests that are improperly processed through JNDI operations. Without adequate input neutralization, this vulnerability potentially allows limited disclosure or modification of confidential data. While the impact on data integrity is notable, there is no effect on the availability of the application. It is essential for organizations using this interface to review their security protocols and apply necessary patches to mitigate the risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SAP Identity Management IDM_CLM_REST_API 8.0

SAP Identity Management IDMIC 8.0

References

https://me.sap.com/notes/3657998

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

3.8

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 13, 2026
Vulnerability Reserved
Dec 9, 2025

JSON

SAP