CVE-2026-24317

DLL Hijacking vulnerability in SAP GUI for Windows with active GuiXT

CVSS 5 MEDIUMEPSS 0.2%CWE-427

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

10 mar 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

SAP GUI for Windows allows DLL files to be loaded from arbitrary directories within the application. An unauthenticated attacker could exploit this vulnerability by persuading a victim to place a malicious DLL within one of these directories. The malicious command is executed in the victim user's context provided GuiXT is enabled. This vulnerability has a low impact on confidentiality, integrity, and availability.

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Produtos afetados

SAP_SE · SAP GUI for Windows with active GuiXT

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://me.sap.com/notes/3699761 https://url.sap/sapsecuritypatchday