Skip to main content

SAP CVE-2026-27675

| EUVDEUVD-2026-22147 LOW
Code Injection (CWE-94)
2026-04-14 cna@sap.com GHSA-rqv3-6h29-j2m3
2.0
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
2.0 LOW
AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

4
Analysis Generated
Apr 14, 2026 - 00:25 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 00:22 euvd
EUVD-2026-22147
Analysis Generated
Apr 14, 2026 - 00:22 vuln.today
CVE Published
Apr 14, 2026 - 00:16 nvd
LOW 2.0

DescriptionCVE.org

SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or degree. This leads to a low impact on integrity, while confidentiality and availability are not impacted.

AnalysisAI

SAP Landscape Transformation allows high-privileged remote attackers to inject arbitrary ABAP code and operating system commands through an RFC-exposed function module, resulting in limited integrity impact where attackers cannot control the scope or extent of modifications. The attack requires high privileges, high complexity, and user interaction, reflected in a CVSS 2.0 score; no public exploit code or active exploitation has been identified.

Technical ContextAI

The vulnerability resides in an RFC (Remote Function Call) interface exposed within SAP Landscape Transformation, a critical SAP system administration tool. RFC is SAP's proprietary protocol for synchronous communication between systems. The root cause is improper input validation in a function module (CWE-94: Improper Control of Generation of Code), allowing attackers to break out of intended code boundaries and execute arbitrary ABAP (Advanced Business Application Programming) or OS commands. The RFC exposure means the function is callable from remote systems, but exploitation requires high privilege credentials (PR:H in CVSS vector) and user interaction (UI:R), significantly limiting the threat surface.

RemediationAI

Apply the vendor-released security patch available via SAP Security Patch Day. Detailed patch versions and download locations are provided in SAP Note 3723097 (https://me.sap.com/notes/3723097) and the SAP Security Patch Day portal (https://url.sap/sapsecuritypatchday). As an interim measure, restrict RFC access to the affected function module to only trusted, authorized high-privilege accounts and implement network-level controls to limit RFC communication endpoints. Additionally, enforce strong authentication and audit logging for all RFC calls into Landscape Transformation environments.

Share

CVE-2026-27675 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy