CVE-2026-24319 MEDIUM

CVE-2026-24319: Information Disclosure Vulnerability in SAP Business One (B1 Client Memory Dump Files)

Vendor Sap_Se
Product SAP Business One (B1 Client Memory Dump Files)
Weakness CWE-316
Published February 10, 2026
Last update February 26, 2026

CVSS base score

5.8/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

In SAP Business One, sensitive information is written to the application�s memory dump files without obfuscation. Gaining access to this information could potentially lead to unauthorized operations within the B1 environment, including modification of company data. This issue results in a high impact on confidentiality and integrity, with no impact on availability.

Key dates

02Disclosure timeline

February 10, 2026 CVE published
February 26, 2026 Record updated