CVE-2026-44751 HIGH

CVE-2026-44751: Missing Authorization check in Application Server ABAP of SAP NetWeaver and ABAP Platform

Vendor Sap_Se
Product SAP NetWeaver AS ABAP and ABAP Platform
Weakness CWE-862 · Missing authorization
Published June 9, 2026
Last update June 10, 2026
View on NVD All CVEs

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

What the vulnerability does

01Description

Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact on integrity with low impact on availability and no impact on confidentiality of the application.

Key dates

02Disclosure timeline

June 9, 2026 CVE published
June 10, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2022-41619 WordPress Image Zoom Plugin <= 1.8.8 is vulnerable to Broken Access Control CVE-2025-31603 WordPress CF7 Spreadsheets plugin <= 2.3.2 - Settings Change vulnerability CVE-2024-47358 WordPress Popup Maker plugin <= 1.19.2 - Broken Access Control vulnerability CVE-2025-8482 Simple Local Avatars <= 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Avatar Migration CVE-2023-48332 WordPress Mail Bank – #1 Mail SMTP Plugin for WordPress plugin <= 4.0.14 - Broken Access Control vulnerability