Detections
Analytics

CVE-2026-34256

high

Description

Due to a missing authorization check in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise), an authenticated attacker could execute a particular ABAP report to overwrite any existing eight?character executable ABAP report without authorization. If the overwritten report is subsequently executed, the intended functionality could become unavailable. Successful exploitation impacts availability, with a limited impact on integrity confined to the affected report, while confidentiality remains unaffected.

References

https://www.securityweek.com/sap-patches-critical-abap-vulnerability/

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3731908

Details

Source: Mitre, NVD

Published: 2026-04-14

Updated: 2026-04-14

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:C

Severity: High

CVSS v3

Base Score: 7.1

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Severity: High

EPSS

EPSS: 0.00036