CVE-2026-27676

EUVD-2026-22148 MEDIUM

2026-04-14 [email protected]

GHSA-ghjj-x456-6m6f

Sap Authentication Bypass

4.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Apr 14, 2026 - 00:25 vuln.today

DescriptionNVD

Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Technical Object Structures), an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability results in a low impact on integrity, while confidentiality and availability are not impacted.

AnalysisAI

SAP S/4HANA OData Service for Manage Technical Object Structures allows authenticated users to update and delete child entities without proper authorization checks, enabling unauthorized data modification. The vulnerability affects S/4HANA deployments exposing the vulnerable OData service and requires valid user credentials but no elevated privileges. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-27676 vulnerability details – vuln.today

Back

CVE-2026-27676

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code