CVE-2026-27675 LOW

CVE-2026-27675: Code Injection vulnerability in SAP Landscape Transformation

Vendor Sap_Se
Product SAP Landscape Transformation
Weakness CWE-94 · Code injection
Published April 14, 2026
Last update April 14, 2026

CVSS base score

2.0/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or degree. This leads to a low impact on integrity, while confidentiality and availability are not impacted.

Key dates

02Disclosure timeline

April 14, 2026 CVE published
April 14, 2026 Record updated

Related vulnerabilities

04Related CVE