VDB
GCVE-110-NCSC-2026-52
GCVE-110-NCSC-2026-52
Advisory PublishedCVSS 9.9/10
An authenticated attacker can exploit a code injection vulnerability in SAP CRM and SAP S/4HANA's Scripting Editor to execute unauthorized SQL statements, compromising database confidentiality, integrity, and availability.
Weaknesses (CWE)
CWE-862Missing AuthorizationCWE-347Improper Verification of Cryptographic SignatureCWE-606Unchecked Input for Loop ConditionCWE-405Asymmetric Resource Consumption (Amplification)CWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')CWE-601URL Redirection to Untrusted Site ('Open Redirect')CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-497Exposure of Sensitive System Information to an Unauthorized Control SphereCWE-366Race Condition within a ThreadCWE-316Cleartext Storage of Sensitive Information in MemoryCWE-359Exposure of Private Personal Information to an Unauthorized ActorCWE-502Deserialization of Untrusted DataCWE-113Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
Risk Scores
CVSS 3.1
9.9/10
Critical · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| SAP | vers:unknown/* | — | — |
Aliases
CVE-2025-0059CVE-2025-12383CVE-2026-0484CVE-2026-0485CVE-2026-0486CVE-2026-0488CVE-2026-0490CVE-2026-0505CVE-2026-0508CVE-2026-0509CVE-2026-23681CVE-2026-23684CVE-2026-23685CVE-2026-23686CVE-2026-23687CVE-2026-23688CVE-2026-23689CVE-2026-24312CVE-2026-24319CVE-2026-24320CVE-2026-24321CVE-2026-24322CVE-2026-24323CVE-2026-24324CVE-2026-24325CVE-2026-24326CVE-2026-24327CVE-2026-24328
Browse GCVE Records
72,664 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.