Hana Database
CVE-2026-0492
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid credentials of any user to switch to another user potentially gaining administrative access. This exploit could result in a total compromise of the system�s confidentiality, integrity, and availability.
AnalysisAI
Hana Database versions up to 2.00 is affected by missing authentication for critical function (CVSS 8.8).
Technical ContextAI
This vulnerability (CWE-306: Missing Authentication for Critical Function) affects Hana Database. SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid credentials of any user to switch to another user potentially gaining administrative access. This exploit could result in a total compromise of the system�s confidentiality, integrity, and availability.
RemediationAI
A vendor patch is available — apply it immediately. Restrict network access to the affected service where possible.
More in Hana Database
View allSAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a
SAP HANA Database, versions 1.0, 2.0, allows an unauthorized attacker to send a malformed connection request, which cras
SAP UI5 did not validate user input before adding it to the DOM structure. Rated high severity (CVSS 7.5), this vulnerab
SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-di
The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Dat
SAP HANA Database, version - 2.0, does not correctly validate the username when performing SAML bearer token-based user
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today