CVE-2026-40133 MEDIUM

CVE-2026-40133: Missing Authorization check in SAP S/4HANA Condition Maintenance

Vendor Sap_Se
Product SAP S/4HANA Condition Maintenance
Weakness CWE-862 · Missing authorization
Published May 12, 2026
Last update May 12, 2026
View on NVD All CVEs

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact on the confidentiality and integrity of the data. Additionally, this vulnerability may prevent the legitimate user from accessing the records, causing low impact on application availability.

Key dates

02Disclosure timeline

May 12, 2026 CVE published
May 12, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-32336 WordPress Rara Business theme <= 1.3.0 - Broken Access Control vulnerability CVE-2025-14629 Alchemist Ajax Upload <= 1.1 - Missing Authorization to Unauthenticated Arbitrary Media File Deletion CVE-2026-24598 WordPress Multilanguage by BestWebSoft plugin <= 1.5.2 - Broken Access Control vulnerability CVE-2024-33595 WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Broken Access Control on Duplicate Post vulnerability CVE-2023-47771 WordPress Essential Grid plugin <= 3.0.18 - Multiple Authenticated Broken Access Control vulnerability