Description

Due to a Missing Authorization Check in SAP Business Warehouse (Service API), an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request processing and causing denial of service. This results in low impact on integrity and high impact on availability, while confidentiality remains unaffected.

INFO

Published Date :

2026-03-10T00:18:33.189Z

Last Modified :

2026-03-10T16:52:48.429Z

Source :

sap
AFFECTED PRODUCTS

The following products are affected by CVE-2026-27686 vulnerability.

Vendors Products
Sap Se
  • Sap Business Warehouse (service Api)
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-27686.

URL Resource
https://me.sap.com/notes/3703385 cve-icon cve-icon
https://url.sap/sapsecuritypatchday cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact