Missing Authorization check in Application Server ABAP of SAP NetWeaver and ABAP Platform
CVE-2026-44751

7.1HIGH

Key Information:

Vendor: SAP
Status: SAP Netweaver And Abap Platform
Vendor: CVE Published:; 9 June 2026

What is CVE-2026-44751?

Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact on integrity with low impact on availability and no impact on confidentiality of the application.

Affected Version(s)

SAP NetWeaver and ABAP Platform SAP_BASIS 700

SAP NetWeaver and ABAP Platform SAP_BASIS 701

SAP NetWeaver and ABAP Platform SAP_BASIS 702

References

https://me.sap.com/notes/3735546

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2026
Vulnerability Reserved
May 7, 2026

CVE-2026-44751 Data

JSON