CVE-2026-34264 — Vulnetix

CVE-2026-34264 PUBLISHED CVSS 6.5 MEDIUM

During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the content shown, beyond their authorized scope. This leads to disclosure of sensitive information causing a high impact on confidentiality, while integrity and availability are unaffected.

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
SAP_SE	SAP Human Capital Management for SAP S/4HANA	S4HCMRXX 100, 101, 102

Timeline

Apr 14, 2026 CVE Published
Apr 14, 2026 PoC Published
Apr 14, 2026 Security Advisory

References

https://me.sap.com/notes/3680767 url
https://url.sap/sapsecuritypatchday url
https://nvd.nist.gov/vuln/detail/CVE-2026-34264 advisory
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2026.html advisory

Open in Interactive Console →