Missing Authorization Check in SAP Business Analytics and Content Management
CVE-2026-34261

6.5MEDIUM

Key Information:

Vendor: SAP
Status: SAP Business Analytics And SAP Content Management
Vendor: CVE Published:; 14 April 2026

What is CVE-2026-34261?

A missing authorization check in SAP Business Analytics and SAP Content Management allows authenticated users to make unauthorized calls to specific remote function modules. This flaw could lead to the exposure of sensitive information, exceeding user permissions. While the integrity and availability of the system remain unaffected, organizations should address this issue promptly to safeguard confidential data. For further details, consult SAP's security advisory and notes for recommended mitigation measures.

Affected Version(s)

SAP Business Analytics and SAP Content Management S4HCMRXX 100

SAP Business Analytics and SAP Content Management 101

SAP Business Analytics and SAP Content Management 102

References

https://me.sap.com/notes/3705094

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-34261 Data

JSON