CVE-2026-34261 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-34261 PUBLISHED CVSS 6.5 MEDIUM

Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects confidentiality, with no impact on integrity and availability.

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
SAP_SE	SAP Business Analytics and SAP Content Management	S4HCMRXX 100, 102, SAP_HRRXX 600

Timeline

Apr 14, 2026 CVE Published
Apr 14, 2026 PoC Published
Apr 14, 2026 Security Advisory

References

Open in Interactive Console →