CVE-2026-24317NVD

Vulnerability Summary

SAP GUI for Windows allows DLL files to be loaded from arbitrary directories within the application. An unauthenticated attacker could exploit this vulnerability by persuading a victim to place a malicious DLL within one of these directories. The malicious command is executed in the victim user's context provided GuiXT is enabled. This vulnerability has a low impact on confidentiality, integrity, and availability.

Severity Level

MEDIUM(5.0)

Published Date

Mar 10, 2026

Last Modified

Mar 11, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.03%Probability

Root Weakness (CWE)

CWE-427: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityHigh

Privileges RequiredNone

User InteractionRequired

ScopeUnchanged

ConfidentialityLow

IntegrityLow

AvailabilityLow

External References

https://me.sap.com/notes/3699761
https://url.sap/sapsecuritypatchday

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2026-24317NVD

Vulnerability Summary

External References