CVE-2026-0509 | THREATINT

Description

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the confidentiality of the application.

PUBLISHED Reserved 2025-12-09 | Published 2026-02-10 | Updated 2026-02-10 | Assigner sap

CRITICAL: 9.6CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

Problem types

CWE-862: Missing Authorization

Product status

Default status

unaffected

KRNL64NUC 7.22

affected

7.22EXT

affected

KRNL64UC 7.22

affected

7.53

affected

KERNEL 7.22

affected

7.54

affected

7.77

affected

7.89

affected

7.93

affected

9.16

affected

9.18

affected

9.19

affected

References

me.sap.com/notes/3674774

url.sap/sapsecuritypatchday

cve.org (CVE-2026-0509)

nvd.nist.gov (CVE-2026-0509)

Download JSON