DLL Loading Vulnerability in SAP GUI for Windows
CVE-2026-24317

5MEDIUM

Key Information:

Vendor: SAP
Status: SAP Gui For Windows With Active Guixt
Vendor: CVE Published:; 10 March 2026

What is CVE-2026-24317?

SAP GUI for Windows has a vulnerability that permits the loading of dynamic link library (DLL) files from arbitrary directories within the application. This flaw could be exploited by an unauthenticated attacker who convinces a victim to place a malicious DLL in one of the affected directories. If GuiXT is enabled, the malicious command could execute within the context of the victim user, potentially leading to unauthorized actions. Users are advised to update to the latest version to mitigate this risk and enhance their security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SAP GUI for Windows with active GuiXT BC-FES-GUI 8.00

References

https://me.sap.com/notes/3699761

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 10, 2026
Vulnerability Reserved
Jan 21, 2026

JSON

SAP