Detections
Analytics

CVE-2026-24317

medium

Description

SAP GUI for Windows allows DLL files to be loaded from arbitrary directories within the application. An unauthenticated attacker could exploit this vulnerability by persuading a victim to place a malicious DLL within one of these directories. The malicious command is executed in the victim user's context provided GuiXT is enabled. This vulnerability has a low impact on confidentiality, integrity, and availability.

References

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3699761

Details

Source: Mitre, NVD

Published: 2026-03-10

Updated: 2026-03-11

Risk Information

CVSS v2

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 5

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Severity: Medium

EPSS

EPSS: 0.00029