CVE-2026-0488 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-0488 PUBLISHED CVSS 9.899999618530273 CRITICAL

An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impact on confidentiality, integrity, and availability.

EPSS 0.02% · 5.1th percentile

Risk Scores

CVSS v3.1

9.899999618530273

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score

0.02%

5.1th percentile

Affected Products

Vendor	Product	Versions
SAP_SE	SAP CRM and SAP S/4HANA (Scripting Editor)	S4FND 102, 103, 104
sap	netweaver_application_server_abap	700, 700, 700
sap	s\/4hana	102, 103, 104
sap	webclient_ui_framework	700, 701, 730

Timeline

Feb 10, 2026 CVE Published
Feb 10, 2026 EPSS Score
Feb 10, 2026 PoC Published
Feb 10, 2026 PoC Published
Feb 10, 2026 PoC Published
Feb 10, 2026 PoC Published
Feb 10, 2026 PoC Published
Feb 10, 2026 PoC Published
Feb 10, 2026 PoC Published
Feb 10, 2026 PoC Published
Feb 11, 2026 EPSS Score
Feb 11, 2026 PoC Published

References

Open in Interactive Console →