CVE-2026-0491

SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://me.sap.com/notes/3697979
https://url.sap/sapsecuritypatchday

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) SAP Landscape Transformation permite a un atacante con privilegios de administrador explotar una vulnerabilidad en el módulo de función expuesto a través de RFC. Este fallo permite la inyección de código ABAP/comandos del sistema operativo arbitrarios en el sistema, eludiendo las comprobaciones de autorización esenciales. Esta vulnerabilidad funciona eficazmente como una puerta trasera, creando el riesgo de compromiso total del sistema, socavando la confidencialidad, integridad y disponibilidad del sistema.

13 Jan 2026, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-13 02:15

Updated : 2026-06-17 10:10

NVD link : CVE-2026-0491

Mitre link : CVE-2026-0491

CVE.ORG link : CVE-2026-0491

JSON object : View

Products Affected

No product.

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2026-0491", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-0491", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2026-01-14T04:57:11.308577Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}]}, "affected": [{"source": "cna@sap.com", "affectedData": [{"vendor": "SAP_SE", "product": "SAP Landscape Transformation", "versions": [{"status": "affected", "version": "DMIS 2011_1_700"}, {"status": "affected", "version": "2011_1_710"}, {"status": "affected", "version": "2011_1_730"}, {"status": "affected", "version": "2011_1_731"}, {"status": "affected", "version": "2018_1_752"}, {"status": "affected", "version": "2020"}], "defaultStatus": "unaffected"}]}], "published": "2026-01-13T02:15:50.743", "references": [{"url": "https://me.sap.com/notes/3697979", "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system."}, {"lang": "es", "value": "SAP Landscape Transformation permite a un atacante con privilegios de administrador explotar una vulnerabilidad en el m\u00f3dulo de funci\u00f3n expuesto a trav\u00e9s de RFC. Este fallo permite la inyecci\u00f3n de c\u00f3digo ABAP/comandos del sistema operativo arbitrarios en el sistema, eludiendo las comprobaciones de autorizaci\u00f3n esenciales. Esta vulnerabilidad funciona eficazmente como una puerta trasera, creando el riesgo de compromiso total del sistema, socavando la confidencialidad, integridad y disponibilidad del sistema."}], "lastModified": "2026-06-17T10:10:50.220", "sourceIdentifier": "cna@sap.com"}