CVE-2026-44744 MEDIUM

CVE-2026-44744: SQL Injection vulnerability in SAP S/4HANA

Vendor Sap_Se

Product SAP S/4HANA

Weakness CWE-89 · SQLi

Published June 9, 2026

Last update June 9, 2026

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

SAP S/4HANA(On-Premise) contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database queries.This flaw exposes sensitive information to which they should not otherwise have access to. The vulnerability has a high impact on the confidentiality of the data with no impact on the integrity and availability of the application.

Key dates

02Disclosure timeline

June 9, 2026 CVE published

June 9, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-44744 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

Identifiers

CVE CVE-2026-44744

CWE CWE-89

CVSS 6.5 / MEDIUM

Affected versions

Vendor Sap_Se

Product SAP S/4HANA

Affected S4FND 102

Vendor Sap_Se

Product SAP S/4HANA

Affected 103

Vendor Sap_Se

Product SAP S/4HANA

Affected 104

Vendor Sap_Se

Product SAP S/4HANA

Affected 105

Vendor Sap_Se

Product SAP S/4HANA

Affected 106

Vendor Sap_Se

Product SAP S/4HANA

Affected 107

Vendor Sap_Se

Product SAP S/4HANA

Affected 108

Vendor Sap_Se

Product SAP S/4HANA

Affected 109

CVE-2026-44744: SQL Injection vulnerability in SAP S/4HANA

01Description

02Disclosure timeline

03References

04Related CVE