Description

Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter. This triggers prolonged loop execution that consumes excessive system resources, potentially rendering the system unavailable. Successful exploitation results in a denial-of-service condition that impacts availability, while confidentiality and integrity remain unaffected.

PUBLISHED Reserved 2026-02-23 | Published 2026-03-10 | Updated 2026-03-10 | Assigner sap




HIGH: 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Problem types

CWE-606: Unchecked Input for Loop Condition

Product status

Default status: unaffected

SCMAPO 713: affected
714: affected
S4CORE 102: affected
103: affected
104: affected
S4COREOP 105: affected
106: affected
107: affected
108: affected
109: affected
SCM 700: affected
701: affected
702: affected
712: affected

References

me.sap.com/notes/3719502

url.sap/sapsecuritypatchday

cve.org (CVE-2026-27689)

nvd.nist.gov (CVE-2026-27689)
