CVE-2026-0506

Published Jan 13, 2026

Last updated 2 months ago

CVSS high 8.1

SAP

Overview

Description: Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines (FORMs) in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs and invoke system functionality exposed via FORMs, resulting in a high impact on integrity and availability, while confidentiality remains unaffected.
Source: cna@sap.com
NVD status: Analyzed
Products: netweaver_application_server_abap

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.1
Impact score: 5.2
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Severity: HIGH

Weaknesses

cna@sap.com: CWE-862

Hype score: Not currently trending

📌 Top CVEs recientes (CVSS>=7.0): 1. ⚠️ CVE-2025-40942 (CVSS: 8.8) 2. 🚪 CVE-2026-0511 (CVSS: 8.1) 3. ⚠️ CVE-2026-0507 (CVSS: 8.4) 4. 🚪 CVE-2026-0506 (CVSS: 8.1) 5. 🔥 CVE-2026-0500 (CVSS: 9.6) #CyberSecurity #CVE #Infosec
@DavidMarquet19
9 Feb 2026
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:sap_basis:*:*:*",
            "matchCriteriaId": "6F048ED9-2DDF-4EB9-8571-73832AFABF6A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:sap_basis:*:*:*",
            "matchCriteriaId": "C37DC475-6B9A-493C-9A6F-28CDD65D2A5B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:sap_basis:*:*:*",
            "matchCriteriaId": "2BD9FE51-F76C-439A-A3C0-5279EC1059F7",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:sap_basis:*:*:*",
            "matchCriteriaId": "4EB54432-0E1A-45F2-BEE1-8DC28FAADA9F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:sap_basis:*:*:*",
            "matchCriteriaId": "8E96C58C-ED44-487B-A67E-FDAE3C29023A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:sap_basis:*:*:*",
            "matchCriteriaId": "A14DF5EB-B8CE-4A47-9959-2F65A5DCEF5F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:sap_basis:*:*:*",
            "matchCriteriaId": "3E0CA53D-4335-4872-B527-30802E31B893",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:sap_basis:*:*:*",
            "matchCriteriaId": "419BA423-0803-4F51-8889-014A521F02CE",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:sap_basis:*:*:*",
            "matchCriteriaId": "DA20ECDC-8807-462C-A0F0-70DF6F5A119B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:sap_basis:*:*:*",
            "matchCriteriaId": "800AAC21-325C-4F16-AE5A-9F89327E5356",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:sap_basis:*:*:*",
            "matchCriteriaId": "BDC15DB7-A95B-475F-AAA6-60A801F65690",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:sap_basis:*:*:*",
            "matchCriteriaId": "55A2FECF-A32E-4188-9563-E8BA0E952261",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:757:*:*:*:sap_basis:*:*:*",
            "matchCriteriaId": "9CBF2E53-17F0-4BF0-9C38-749C7E611BF4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:758:*:*:*:sap_basis:*:*:*",
            "matchCriteriaId": "5160572B-E3AB-4B96-8950-07DDAFA0E4A6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:816:*:*:*:sap_basis:*:*:*",
            "matchCriteriaId": "32888162-53F9-4598-8C04-E4A4903AAB57",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References