CVE-2026-0501

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score

9.9 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H                                    

Vulnerability Description

Due to insufficient input validation in SAP S/4HANA Private Cloud and On-Premise (Financials General Ledger), an authenticated user could execute crafted SQL queries to read, modify, and delete backend database data. This leads to a high impact on the confidentiality, integrity, and availability of the application.

Vulnerability Details

Published Date

January 13, 2026

Last Modified

January 13, 2026

CWE ID

CWE-89

Source

NVD

External References

https://me.sap.com/notes/3687749
https://url.sap/sapsecuritypatchday

CVE-2026-0501

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment