SAP Landscape Transformation Vulnerability in RFC Function Module
CVE-2026-27675

2LOW

Key Information:

Vendor: SAP
Status: SAP Landscape Transformation
Vendor: CVE Published:; 14 April 2026

What is CVE-2026-27675?

The issue arises from an exposed RFC function module within SAP Landscape Transformation, allowing a privileged attacker to inject arbitrary ABAP code along with operating system commands. Although some information may be altered as a result of this exploit, the attacker has limited control over the nature and extent of modifications. As a direct consequence, while the integrity of the system might be somewhat compromised, the confidentiality and availability remain unaffected. This vulnerability underscores the importance of securing RFC-exposed interfaces to prevent unauthorized access and code execution.

Affected Version(s)

SAP Landscape Transformation DMIS 2011_1_700

SAP Landscape Transformation 2011_1_710

SAP Landscape Transformation 2011_1_730

References

https://me.sap.com/notes/3723097

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Feb 23, 2026

CVE-2026-27675 Data

JSON