Authorization Bypass Vulnerability in SAP S/4HANA by SAP
CVE-2026-27673

4.9MEDIUM

Key Information:

Vendor: SAP
Status: SAP S/4hana (private Cloud And On-premise)
Vendor: CVE Published:; 14 April 2026

What is CVE-2026-27673?

A security flaw in SAP S/4HANA affects both its Private Cloud and On-Premise versions, where a lack of proper authorization checks enables authenticated users to execute unauthorized file deletions on the operating system. This loophole could result in unauthorized control over critical file operations, putting system integrity and availability at risk. It is essential for organizations using SAP S/4HANA to implement the latest security patches and remain vigilant against potential exploitation.

Affected Version(s)

SAP S/4HANA (Private Cloud and On-Premise) S4CORE 105

SAP S/4HANA (Private Cloud and On-Premise) 106

SAP S/4HANA (Private Cloud and On-Premise) 107

References

https://me.sap.com/notes/3703813

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Feb 23, 2026

CVE-2026-27673 Data

JSON