Authorization Flaw in SAP ABAP Application Server Allows Privilege Escalation
CVE-2026-44751

7.1HIGH

Key Information:

Vendor

SAP

Vendor
CVE Published:
9 June 2026

What is CVE-2026-44751?

The SAP ABAP Application Server contains a flaw in its authorization checks for authenticated users. This vulnerability allows malicious actors to execute unauthorized report generation commands, potentially overwriting data belonging to other users. As a result, attackers may gain elevated privileges within the system, compromising the integrity of user information. While this issue primarily affects the integrity of the application by allowing unauthorized data access, it does not compromise the overall availability or confidentiality of the system.

Affected Version(s)

SAP NetWeaver AS ABAP and ABAP Platform SAP_BASIS 700

SAP NetWeaver AS ABAP and ABAP Platform SAP_BASIS 701

SAP NetWeaver AS ABAP and ABAP Platform SAP_BASIS 702

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.