OS Command Injection Vulnerability in SAP Forecasting & Replenishment
CVE-2026-34259

8.2HIGH

Key Information:

Vendor: SAP
Status: SAP Forecasting & Replenishment
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-34259?

Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbitrary operating system commands. Successful exploitation could allow the attacker to read or modify any system data or shut down the system, resulting in a complete compromise of confidentiality, integrity, and availability.

Affected Version(s)

SAP Forecasting & Replenishment SCM 702

SAP Forecasting & Replenishment 712

SAP Forecasting & Replenishment 713

References

https://me.sap.com/notes/3732471

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-34259 Data

JSON