Authorization Flaw in SAP Solution Tools Plug-In Affects User Confidentiality
CVE-2026-24322

7.7HIGH

Key Information:

Vendor: SAP
Status: SAP Solution Tools Plug-in (st-pi)
Vendor: CVE Published:; 10 February 2026

What is CVE-2026-24322?

The SAP Solution Tools Plug-In (ST-PI) has a critical flaw where its function module fails to implement necessary authorization checks for authenticated users. This oversight can lead to unauthorized access, enabling attackers to expose sensitive information. The vulnerability compromises user confidentiality, making it essential for organizations using this product to apply security patches and ensure robust access controls are in place. As such breaches can significantly undermine data protection strategies, immediate attention is required to address this loophole.

Affected Version(s)

SAP Solution Tools Plug-In (ST-PI) ST-PI 2008_1_700

SAP Solution Tools Plug-In (ST-PI) 2008_1_710

SAP Solution Tools Plug-In (ST-PI) 740

References

https://me.sap.com/notes/3705882

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 10, 2026
Vulnerability Reserved
Jan 21, 2026

CVE-2026-24322 Data

JSON