CRITICALCVE-2026-0501Published Modified CNA sap
CVE-2026-0501: SQL Injection Vulnerability in SAP S/4HANA Private Cloud and On-Premise (Financials � General Ledger)
Due to insufficient input validation in SAP S/4HANA Private Cloud and On-Premise (Financials General Ledger), an authenticated user could execute crafted SQL queries to read, modify, and delete backend database data. This leads to a high impact on the confidentiality, integrity, and availability of the application.
Metrics
- CVSS v3.1
- 9.9
- Severity
- CRITICAL
- Fixed in
- —
- Affected Products
- 1
Affected packages
- SAP_SE / SAP S/4HANA Private Cloud and On-Premise (Financials � General Ledger)S4CORE 102 · 103 · 104 · 105 · 106 · 107
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HReferences