PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-0487 SAP_SE CVE debrief

CVE-2026-0487 is a high-severity vulnerability in SAP SAProuter on Microsoft Windows. An unauthenticated attacker can load library (DLL) files from an untrusted location, enabling them to execute malicious code on the system. This could allow the attacker to hijack the DLL loading process and achieve arbitrary code execution. The vulnerability has a high impact on confidentiality, integrity, and availability of the system.

Vendor
SAP_SE
Product
SAProuter on Microsoft Windows
CVSS
HIGH 8.4
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-14
Original CVE updated
2026-07-14
Advisory published
2026-07-14
Advisory updated
2026-07-14

Who should care

Organizations using SAP SAProuter on Microsoft Windows should prioritize patching this vulnerability. The high CVSS score of 8.4 indicates significant risk, and the potential for arbitrary code execution makes it critical to address promptly.

Technical summary

The vulnerability exists in the SAProuter component of SAP software when running on Microsoft Windows. It allows an unauthenticated attacker to load DLL files from an untrusted location, which can lead to arbitrary code execution. The CVSS vector is CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a high severity score of 8.4. The weakness is categorized under CWE-427, Uncontrolled Search Path Element.

Defensive priority

High priority should be given to patching this vulnerability due to its high CVSS score and the potential for arbitrary code execution.

Recommended defensive actions

  • Apply the vendor-provided patch as soon as possible.
  • Review and update inventory to ensure all instances of SAProuter on Microsoft Windows are identified and patched.
  • Implement compensating controls such as monitoring for suspicious DLL loading activities.
  • Consider restricting access to the SAProuter service to trusted locations only.
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.

Evidence notes

The CVE record was published on 2026-07-14T01:16:16.370Z and has not been modified since then. The NVD entry is currently in the 'Received' status. SAP has provided references to note 3692165 and their security patch day information.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T01:16:16.370Z and has not been modified since then. The NVD entry is currently in the 'Received' status.