CVE-2026-44771 PUBLISHED

Missing Authorization check in SAP S/4HANA (Draft operation)

Assigner: sap
Reserved: 07.05.2026 Published: 14.07.2026 Updated: 14.07.2026

SAP S/4HANA Draft operation does not perform necessary authorization checks for an authenticated user, a restricted user could access information within the entity resulting in escalation of privileges. This results in low impact on confidentiality, with no impact on integrity and availability of the application.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS Score: 4.3

Product Status

Vendor SAP_SE
Product SAP S/4HANA (Draft operation)
Versions Default: unaffected
  • Version S4CORE 108 is affected

References

Problem Types