Missing Authorization Check in SAP Business Warehouse
CVE-2026-27686

5.9MEDIUM

Key Information:

Vendor: SAP
Status: SAP Business Warehouse (service Api)
Vendor: CVE Published:; 10 March 2026

What is CVE-2026-27686?

A missing authorization check in the Service API of SAP Business Warehouse allows authenticated attackers to execute unauthorized actions through affected RFC function modules. This vulnerability can lead to unauthorized configuration modifications and control changes, which may disrupt request processing and cause denial of service. While the impact on confidentiality is unaffected, the integrity remains low and availability can be significantly compromised, affecting the overall system functionality.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SAP Business Warehouse (Service API) DW4CORE 200

SAP Business Warehouse (Service API) 300

SAP Business Warehouse (Service API) 400

References

https://me.sap.com/notes/3703385

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 10, 2026
Vulnerability Reserved
Feb 23, 2026

JSON

SAP

What is CVE-2026-27686?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.