CVE-2026-34261 MEDIUM

CVE-2026-34261: Missing Authorization check in SAP Business Analytics and SAP Content Management

Vendor Sap_Se

Product SAP Business Analytics and SAP Content Management

Weakness CWE-862 · Missing authorization

Published April 14, 2026

Last update April 14, 2026

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects confidentiality, with no impact on integrity and availability.

Key dates

02Disclosure timeline

April 14, 2026 CVE published

April 14, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-34261 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

Identifiers

CVE CVE-2026-34261

CWE CWE-862

CVSS 6.5 / MEDIUM

Affected versions

Vendor Sap_Se

Product SAP Business Analytics and SAP Content Management

Affected S4HCMRXX 100

Vendor Sap_Se

Product SAP Business Analytics and SAP Content Management

Affected 101

Vendor Sap_Se

Product SAP Business Analytics and SAP Content Management

Affected 102

Vendor Sap_Se

Product SAP Business Analytics and SAP Content Management

Affected SAP_HRRXX 600

Vendor Sap_Se

Product SAP Business Analytics and SAP Content Management

Affected 604

Vendor Sap_Se

Product SAP Business Analytics and SAP Content Management

Affected 608

CVE-2026-34261: Missing Authorization check in SAP Business Analytics and SAP Content Management

01Description

02Disclosure timeline

03References

04Related CVE