CVE-2026-27673 MEDIUM

CVE-2026-27673: Missing Authorization Check in SAP S/4HANA (Private Cloud and On-Premise)

Vendor Sap_Se
Product SAP S/4HANA (Private Cloud and On-Premise)
Weakness CWE-862 · Missing authorization
Published April 14, 2026
Last update April 14, 2026

CVSS base score

4.9/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L

What the vulnerability does

01Description

Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations which could leads to no impact on Confidentiality, Low impact on Integrity and Availability of the application.

Key dates

02Disclosure timeline

April 14, 2026 CVE published
April 14, 2026 Record updated