CVE-2026-27675

EUVD-2026-22147 LOW

2026-04-14 [email protected]

GHSA-rqv3-6h29-j2m3

Sap Code Injection RCE

2.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Apr 14, 2026 - 00:25 vuln.today

DescriptionNVD

SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or degree. This leads to a low impact on integrity, while confidentiality and availability are not impacted.

AnalysisAI

SAP Landscape Transformation allows high-privileged remote attackers to inject arbitrary ABAP code and operating system commands through an RFC-exposed function module, resulting in limited integrity impact where attackers cannot control the scope or extent of modifications. The attack requires high privileges, high complexity, and user interaction, reflected in a CVSS 2.0 score; no public exploit code or active exploitation has been identified.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-27675 vulnerability details – vuln.today

Back