CVE-2026-27671 | THREATINT

Description

Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high impact on the confidentiality, integrity, and availability of the application.

PUBLISHED Reserved 2026-02-23 | Published 2026-06-09 | Updated 2026-06-09 | Assigner sap

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-121: Stack-based Buffer Overflow

Product status

Default status

unaffected

KRNL64NUC 7.22

affected

7.22EXT

affected

KRNL64UC 7.22

affected

722EXT

affected

7.53

affected

KERNEL 7.22

affected

7.54

affected

7.77

affected

7.89

affected

7.93

affected

9.16

affected

9.18

affected

91.9

affected

References

me.sap.com/notes/3717897

url.sap/sapsecuritypatchday

cve.org (CVE-2026-27671)

nvd.nist.gov (CVE-2026-27671)

Download JSON