CVE-2026-0488NVD

Vulnerability Summary

An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impact on confidentiality, integrity, and availability.

Severity Level

CRITICAL(9.9)

Published Date

Feb 10, 2026

Last Modified

Feb 17, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.02%Probability

Root Weakness (CWE)

CWE-862: Missing Authorization ↗

The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

ScopeChanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://me.sap.com/notes/3697099
https://url.sap/sapsecuritypatchday

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2026-0488NVD

Vulnerability Summary

External References