Session Disruption Vulnerability in SAP Financial Consolidation
CVE-2026-40136

4.3MEDIUM

Key Information:

Vendor: SAP
Status: SAP Financial Consolidation
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-40136?

SAP Financial Consolidation contains a vulnerability that allows an authenticated attacker to temporarily disrupt the sessions of other users, effectively preventing their access to the application. This issue, however, does not compromise the application's overall integrity or confidentiality, maintaining the security of user data. It is essential for organizations using this software to review the current security patches and take necessary measures to mitigate any potential session interruptions.

Affected Version(s)

SAP Financial Consolidation FINANCE 1010

References

https://me.sap.com/notes/3713521

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Apr 9, 2026

CVE-2026-40136 Data

JSON