CVE-2026-34256 HIGH

CVE-2026-34256: Missing Authorization check in SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise)

Vendor Sap_Se
Product SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise)
Weakness CWE-862 · Missing authorization
Published April 14, 2026
Last update April 14, 2026

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

What the vulnerability does

01Description

Due to a missing authorization check in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise), an authenticated attacker could execute a particular ABAP report to overwrite any existing eight?character executable ABAP report without authorization. If the overwritten report is subsequently executed, the intended functionality could become unavailable. Successful exploitation impacts availability, with a limited impact on integrity confined to the affected report, while confidentiality remains unaffected.

Key dates

02Disclosure timeline

April 14, 2026 CVE published
April 14, 2026 Record updated

Related vulnerabilities

04Related CVE