CVE-2026-24312 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-24312 PUBLISHED CVSS 5.199999809265137 MEDIUM

An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function to execute unauthorized, high-privilege actions. This has a high impact on data integrity, with low impact on confidentiality and no impact on availability of the application.

EPSS 0.02% · 6.3th percentile

Risk Scores

CVSS v3.1

5.199999809265137

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:N

EPSS Score

0.02%

6.3th percentile

Affected Products

Vendor	Product	Versions
SAP_SE	SAP Business Workflow	SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755
sap	sap_basis	752, 753, 754

Timeline

Feb 10, 2026 CVE Published
Feb 10, 2026 EPSS Score
Feb 11, 2026 EPSS Score
Feb 13, 2026 EPSS Score
Feb 14, 2026 EPSS Score
Feb 16, 2026 EPSS Score
Feb 17, 2026 EPSS Score
Feb 19, 2026 EPSS Score
Feb 20, 2026 EPSS Score
Feb 22, 2026 EPSS Score
Feb 23, 2026 EPSS Score
Feb 25, 2026 EPSS Score

References

Open in Interactive Console →