CVE-2026-27675 PUBLISHED

Code Injection vulnerability in SAP Landscape Transformation

Assigner: sap
Reserved: 23.02.2026 Published: 14.04.2026 Updated: 14.04.2026

SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or degree. This leads to a low impact on integrity, while confidentiality and availability are not impacted.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
CVSS Score: 2

Attack Vector	Network	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	None
Privileges Required	High	Integrity Impact	Low
User Interaction	Required	Availability Impact	None

CVSS 3.1

Product Status

Vendor	SAP_SE
Product	SAP Landscape Transformation
Versions	Default: unaffected Version DMIS 2011_1_700 is affected Version 2011_1_710 is affected Version 2011_1_730 is affected Version 2011_1_731 is affected Version 2011_1_752 is affected Version 2020 is affected Version S4CORE 102 is affected Version 103 is affected Version 104 is affected Version 105 is affected Version 106 is affected Version 107 is affected Version 108 is affected Version 109 is affected

CVE-2026-27675 PUBLISHED

Code Injection vulnerability in SAP Landscape Transformation

Metrics

Product Status

References

Problem Types