Authorization Bypass in Material Master Application by SAP
CVE-2026-27672

4.3MEDIUM

Key Information:

Vendor: SAP
Status: Material Master Application
Vendor: CVE Published:; 14 April 2026

What is CVE-2026-27672?

The Material Master application by SAP fails to enforce proper authorization checks for authenticated users while executing reports. This oversight can lead to the unintentional disclosure of sensitive information. Although the impact on confidentiality is noted to be low, it is crucial for users to address this vulnerability to protect against unauthorized access.

Affected Version(s)

Material Master Application S4CORE 102

Material Master Application 103

Material Master Application 104

References

https://me.sap.com/notes/3703276

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Feb 23, 2026

CVE-2026-27672 Data

JSON