SAP
CVE-2026-0496
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Lifecycle Timeline
2DescriptionCVE.org
SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to upload any file (including script files) without proper file format validation. This has low impact on confidentiality, integrity and availability of the application.
AnalysisAI
SAP Fiori App Intercompany Balance Reconciliation contains an unrestricted file upload vulnerability that permits high-privileged attackers to upload malicious files, including scripts, due to insufficient file format validation. While the direct impact on confidentiality, integrity, and availability is limited, this flaw could enable attackers with administrative access to compromise application functionality or escalate their capabilities. No patch is currently available for this vulnerability.
Technical ContextAI
Classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to upload any file (including script files) without proper file format validation. This has low impact on confidentiality, integrity and availability of the application.
Affected ProductsAI
SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to upload any file (including script files) without proper
RemediationAI
Monitor vendor advisories for a patch. Validate file types by content. Store uploads outside web root. Restrict network access to the affected service where possible.
Share
External POC / Exploit Code
Leaving vuln.today