Detections
Analytics

CVE-2026-0507

high

Description

Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables execution of arbitrary operating system commands. Successful exploitation could lead to full compromise of the system�s confidentiality, integrity, and availability.

References

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3675151

Details

Source: Mitre, NVD

Published: 2026-01-13

Updated: 2026-01-13

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:A/AC:L/Au:M/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.4

Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00437