CVE-2026-24317 | THREATINT

Description

SAP GUI for Windows allows DLL files to be loaded from arbitrary directories within the application. An unauthenticated attacker could exploit this vulnerability by persuading a victim to place a malicious DLL within one of these directories. The malicious command is executed in the victim user's context provided GuiXT is enabled. This vulnerability has a low impact on confidentiality, integrity, and availability.

PUBLISHED Reserved 2026-01-21 | Published 2026-03-10 | Updated 2026-03-11 | Assigner sap

MEDIUM: 5.0CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Problem types

CWE-427: Uncontrolled Search Path Element

Product status

Default status

unaffected

BC-FES-GUI 8.00

affected

References

me.sap.com/notes/3699761

url.sap/sapsecuritypatchday

cve.org (CVE-2026-24317)

nvd.nist.gov (CVE-2026-24317)

Download JSON