Netweaver As Abap Kernel
CVE-2026-0509
CRITICAL
Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the confidentiality of the application.
AnalysisAI
Unauthorized Remote Function Call execution in SAP NetWeaver ABAP. Low-privileged users can execute background RFCs without proper authorization checks. CVSS 9.6.
Technical ContextAI
CWE-862 in SAP NetWeaver. Low-privileged users can invoke background RFCs that should require higher privileges.
RemediationAI
Apply SAP security note.
More in Netweaver As Abap Kernel
View allSAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cau
The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encod
Same weakness CWE-862 – Missing Authorization
View allShare
External POC / Exploit Code
Leaving vuln.today