CVE-2026-24312

Description

An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function to execute unauthorized, high-privilege actions. This has a high impact on data integrity, with low impact on confidentiality and no impact on availability of the application.

PUBLISHED Reserved 2026-01-21 | Published 2026-02-10 | Updated 2026-02-10 | Assigner sap

Problem types

CWE-862: Missing Authorization

Product status

References

me.sap.com/notes/3710111

url.sap/sapsecuritypatchday

cve.org (CVE-2026-24312)

nvd.nist.gov (CVE-2026-24312)

Download JSON