Critical Alert 1 Active Exploit Detected Today

CVE-2026-35273 Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability →
Powered by CVE Watchtower
×
June 14, 2026

CVE Watchtower


← Back to CVE List

CVE-2026-0509NVD

Vulnerability Summary

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the confidentiality of the application.
Severity Level
CRITICAL(9.6)
Published Date
Feb 10, 2026
Last Modified
Feb 17, 2026
Exploitation Status
????
EPSS Score (30-Day)
0.02%Probability
Root Weakness (CWE)
CWE-862: Missing Authorization β†—
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVSS v3.1 Base Metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeChanged
ConfidentialityNone
IntegrityHigh
AvailabilityHigh

External References