SAP S/4HANA Authorization Vulnerability in Human Capital Management
CVE-2026-34264

6.5MEDIUM

Key Information:

Vendor: SAP
Status: SAP Human Capital Management For SAP S/4hana
Vendor: CVE Published:; 14 April 2026

What is CVE-2026-34264?

In SAP S/4HANA's Human Capital Management module, a vulnerability arises during the authorization checks that may expose sensitive information. An authenticated user with limited privileges can leverage this flaw to guess and enumerate content outside their access rights. Consequently, this leads to the potential disclosure of confidential information while leaving integrity and availability levels intact. Organizations using this system should assess their security posture and implement necessary precautions.

Affected Version(s)

SAP Human Capital Management for SAP S/4HANA S4HCMRXX 100

SAP Human Capital Management for SAP S/4HANA 101

SAP Human Capital Management for SAP S/4HANA 102

References

https://me.sap.com/notes/3680767

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-34264 Data

JSON