CVE-2026-0506

Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform

Description

Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines (FORMs) in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs and invoke system functionality exposed via FORMs, resulting in a high impact on integrity and availability, while confidentiality remains unaffected.

INFO

Published Date :

2026-01-13T01:14:33.899Z

Last Modified :

2026-01-13T01:14:33.899Z

Source :

sap

AFFECTED PRODUCTS

The following products are affected by CVE-2026-0506 vulnerability.

Vendors	Products
Sap	Abap Platform Application Server Netweaver Netweaver Abap Netweaver Abap Application Server

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-0506.

URL	Resource
https://me.sap.com/notes/3688703
https://url.sap/sapsecuritypatchday

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact