Home

Description

Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbitrary operating system commands. Successful exploitation could allow the attacker to read or modify any system data or shut down the system, resulting in a complete compromise of confidentiality, integrity, and availability.

PUBLISHED Reserved 2026-03-26 | Published 2026-05-12 | Updated 2026-05-12 | Assigner sap




HIGH: 8.2CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-77: Improper Neutralization of Special Elements used in a Command

Product status

Default status
unaffected

SCM 702
affected

712
affected

713
affected

714
affected

References

me.sap.com/notes/3732471

url.sap/sapsecuritypatchday

cve.org (CVE-2026-34259)

nvd.nist.gov (CVE-2026-34259)

Download JSON