← back
CVE-2026-34261

Missing Authorization check in SAP Business Analytics and SAP Content Management

CVSS 6.5 MEDIUMEPSS 0.2%CWE-862
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
14 Apr 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects confidentiality, with no impact on integrity and availability.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
SAP_SE · SAP Business Analytics and SAP Content Management

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://me.sap.com/notes/3705094https://url.sap/sapsecuritypatchday