OS Command Execution Vulnerability in SAP Forecasting & Replenishment
CVE-2026-34259

8.2HIGH

Key Information:

Vendor: SAP
Status: SAP Forecasting & Replenishment
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-34259?

The OS Command Execution vulnerability in SAP Forecasting & Replenishment allows an authenticated attacker with administrative rights to exploit a non-remote-enabled function. This could lead to the execution of arbitrary operating system commands, granting the attacker the ability to access, modify, or shut down critical system data. The resulting compromise impacts the confidentiality, integrity, and availability of the system, posing significant risks to organizational operations.

Affected Version(s)

SAP Forecasting & Replenishment SCM 702

SAP Forecasting & Replenishment 712

SAP Forecasting & Replenishment 713

References

https://me.sap.com/notes/3732471

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-34259 Data

JSON