CVE-2026-24309NVD

Vulnerability Summary

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP system. This unauthorized content change could lead to reduced system performance or interruptions. The vulnerability has low impact on the application's integrity and availability, with no effect on confidentiality.

Severity Level

MEDIUM(6.4)

Published Date

Mar 10, 2026

Last Modified

Jun 3, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.06%Probability

Root Weakness (CWE)

CWE-862: Missing Authorization ↗

The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

ScopeChanged

ConfidentialityNone

IntegrityLow

AvailabilityLow

External References

https://me.sap.com/notes/3703856
https://url.sap/sapsecuritypatchday

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2026-24309NVD

Vulnerability Summary

External References