PatchSiren cyber security CVE debrief
CVE-2026-44751 SAP_SE CVE debrief
A vulnerability was discovered in the SAP Application Server ABAP, which allows an authenticated user to execute a report generation command that could overwrite information belonging to another user, resulting in escalation of privileges. This vulnerability has a high impact on integrity, low impact on availability, and no impact on confidentiality of the application.
- Vendor
- SAP_SE
- Product
- SAP NetWeaver AS ABAP and ABAP Platform
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-09
Who should care
Administrators and users of SAP Application Server ABAP should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is caused by the lack of necessary authorization checks for an authenticated user in the SAP Application Server ABAP. This allows an attacker to execute a report generation command that could overwrite information belonging to another user.
Defensive priority
High
Recommended defensive actions
- Apply the necessary patches and updates to fix the vulnerability.
- Review and update the authorization checks for authenticated users in the SAP Application Server ABAP.
- Monitor the system for any suspicious activity.
Evidence notes
The vulnerability was reported by an unknown vendor, but evidence suggests that it is related to SAP.
Official resources
CVE-2026-44751 was published on 2026-06-09T01:16:46.867Z and modified on 2026-06-09T02:08:28.150Z.