SQL Injection vulnerability in SAP S/4HANA
CVE-2026-44744

6.5MEDIUM

Key Information:

Vendor: SAP
Status: SAP S/4hana
Vendor: CVE Published:; 9 June 2026

What is CVE-2026-44744?

SAP S/4HANA(On-Premise) contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database queries.This flaw exposes sensitive information to which they should not otherwise have access to. The vulnerability has a high impact on the confidentiality of the data with no impact on the integrity and availability of the application.

Affected Version(s)

SAP S/4HANA S4FND 102

SAP S/4HANA 103

SAP S/4HANA 104

References

https://me.sap.com/notes/3751691

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2026
Vulnerability Reserved
May 7, 2026

CVE-2026-44744 Data

JSON