Description

Due to insufficient input validation in SAP S/4HANA Private Cloud and On-Premise (Financials General Ledger), an authenticated user could execute crafted SQL queries to read, modify, and delete backend database data. This leads to a high impact on the confidentiality, integrity, and availability of the application.

PUBLISHED Reserved 2025-12-09 | Published 2026-01-13 | Updated 2026-01-14 | Assigner sap




CRITICAL: 9.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-89: Improper Neutralization of Special Elements used in an SQL Command

Product status

Default status: unaffected

S4CORE 102: affected
103: affected
104: affected
105: affected
106: affected
107: affected
108: affected
109: affected

References

me.sap.com/notes/3687749

url.sap/sapsecuritypatchday

cve.org (CVE-2026-0501)

nvd.nist.gov (CVE-2026-0501)
