CVE-2026-44751 PUBLISHED

Missing Authorization check in Application Server ABAP of SAP NetWeaver and ABAP Platform

Assigner: sap
Reserved: 07.05.2026 Published: 09.06.2026 Updated: 09.06.2026

Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact on integrity with low impact on availability and no impact on confidentiality of the application.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
CVSS Score: 7.1

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	SAP_SE
Product	SAP NetWeaver AS ABAP and ABAP Platform
Versions	Default: unaffected Version SAP_BASIS 700 is affected Version SAP_BASIS 701 is affected Version SAP_BASIS 702 is affected Version SAP_BASIS 731 is affected Version SAP_BASIS 740 is affected Version SAP_BASIS 750 is affected Version SAP_BASIS 751 is affected Version SAP_BASIS 752 is affected Version SAP_BASIS 753 is affected Version SAP_BASIS 754 is affected Version SAP_BASIS 755 is affected Version SAP_BASIS 756 is affected Version SAP_BASIS 757 is affected Version SAP_BASIS 758 is affected Version SAP_BASIS 816 is affected

CVE-2026-44751 PUBLISHED

Missing Authorization check in Application Server ABAP of SAP NetWeaver and ABAP Platform

Metrics

Product Status

References

Problem Types