VDB

CVE-2026-24326

CVE-2026-24326 PUBLISHED CVSS 4.300000190734863 MEDIUM

Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Security, an attacker with user privileges could call remote-enabled function modules to do direct update on standard SAP database table . This results in low impact on integrity, with no impact on confidentiality or availability of the application.

EPSS 0.01% · 2.7th percentile

Risk Scores

CVSS v3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS Score
0.01%
2.7th percentile

Affected Products

VendorProductVersions
saps\/4hana_defense_\&_security603, 604, 605
SAP_SESAP S/4HANA Defense & Security (Disconnected Operations)EA-DFPS 600, 803, 604

Timeline

  • Feb 10, 2026 CVE Published
  • Feb 10, 2026 EPSS Score
  • Feb 12, 2026 EPSS Score
  • Feb 14, 2026 EPSS Score
  • Feb 16, 2026 EPSS Score
  • Feb 18, 2026 EPSS Score
  • Feb 20, 2026 EPSS Score
  • Feb 22, 2026 EPSS Score
  • Feb 24, 2026 EPSS Score
  • Feb 26, 2026 EPSS Score
  • Feb 28, 2026 EPSS Score
  • Mar 2, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›