CVE-2026-24312 PUBLISHED

Missing authorization check in SAP Business Workflow

Assigner: sap
Reserved: 21.01.2026 Published: 10.02.2026 Updated: 10.02.2026

An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function to execute unauthorized, high-privilege actions. This has a high impact on data integrity, with low impact on confidentiality and no impact on availability of the application.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:N
CVSS Score: 5.2

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	High	Integrity Impact	High
User Interaction	Required	Availability Impact	None

CVSS 3.1

Product Status

Vendor	SAP_SE
Product	SAP Business Workflow
Versions	Default: unaffected Version SAP_BASIS 752 is affected Version SAP_BASIS 753 is affected Version SAP_BASIS 754 is affected Version SAP_BASIS 755 is affected Version SAP_BASIS 756 is affected Version SAP_BASIS 757 is affected Version SAP_BASIS 758 is affected Version SAP_BASIS 816 is affected

CVE-2026-24312 PUBLISHED

Missing authorization check in SAP Business Workflow

Metrics

Product Status

References

Problem Types