CVE-2026-0492 | THREATINT

Description

SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid credentials of any user to switch to another user potentially gaining administrative access. This exploit could result in a total compromise of the system�s confidentiality, integrity, and availability.

PUBLISHED Reserved 2025-12-09 | Published 2026-01-13 | Updated 2026-01-14 | Assigner sap

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-306: Missing Authentication for Critical Function

Product status

Default status

unaffected

HDB 2.00

affected

References

me.sap.com/notes/3691059

url.sap/sapsecuritypatchday

cve.org (CVE-2026-0492)

nvd.nist.gov (CVE-2026-0492)

Download JSON