SAP HDI Deploy EUVD-2026-29359

CVE-2026-40131 (LOW)
SQL Injection (CWE-89)
2026-05-12 | sap | GHSA-75qg-6cmg-3h9p
CVSS 3.1 score: 3.4

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: Low

Lifecycle Timeline

Analysis Generated: May 12, 2026 - 03:16 (vuln.today)
CVE Published: May 12, 2026 - 02:20 (nvd), LOW 3.4

Description (NVD)

A SQL injection vulnerability exists in the @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploitation could allow high-privileged users to alter the SELECT statements, impacting confidentiality and availability of the application. There is no impact on integrity.

Analysis (AI)

SQL injection in SAP HANA Deployment Infrastructure (HDI) deploy library allows high-privileged users to manipulate dynamically constructed SQL queries, potentially altering SELECT statements and compromising confidentiality and availability. Attack requires local access and high privileges (PR:H), limiting real-world risk despite SQL injection severity. …
