VDB
CVE-2026-27673
CVE-2026-27673
PUBLISHED
CVSS 4.900000095367432 MEDIUM
Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations which could leads to no impact on Confidentiality, Low impact on Integrity and Availability of the application.
EPSS 0.04% · 12.6th percentile
Risk Scores
CVSS 3.1
4.900000095367432
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L
EPSS Score
0.04%
12.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP_SE | SAP S/4HANA (Private Cloud and On-Premise) | 108, 109, S4CORE 105 |
Exploit Intelligence
- https://me.sap.com/notes/3703813 (circl)
- https://url.sap/sapsecuritypatchday (circl)
- CVE-2026-27673.json (github-poc)
- CVE-2026-27673.json (github-poc)
- CVE-2026-27673.json (github-poc)
- CVE-2026-27673.json (github-poc)
Timeline
- Apr 14, 2026 CVE Published
- Apr 14, 2026 Security Advisory
- Apr 17, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
- May 26, 2026 EPSS Score