Authorization Flaw in SAP NetWeaver Application Server for ABAP
CVE-2026-24310

3.5LOW

Key Information:

Vendor: SAP
Status: SAP Netweaver Application Server For Abap
Vendor: CVE Published:; 10 March 2026

What is CVE-2026-24310?

An authorization check bypass vulnerability exists within the SAP NetWeaver Application Server for ABAP. This flaw allows an authenticated attacker to execute specific ABAP function modules, which can result in unauthorized access to sensitive information stored in the database catalog. While this does not compromise the integrity or availability of the application, it poses a significant risk to data confidentiality, as it enables potential data exposure. This vulnerability highlights the necessity for robust access control measures within the ABAP environment to protect sensitive data from unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SAP NetWeaver Application Server for ABAP SAP_BASIS 702

SAP NetWeaver Application Server for ABAP SAP_BASIS 731

SAP NetWeaver Application Server for ABAP SAP_BASIS 740

References

https://me.sap.com/notes/3694383

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 10, 2026
Vulnerability Reserved
Jan 21, 2026

JSON

SAP