CVE-2026-24312

Published Feb 10, 2026

Last updated 15 days ago

CVSS medium 5.2

Overview

Description: An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function to execute unauthorized, high-privilege actions. This has a high impact on data integrity, with low impact on confidentiality and no impact on availability of the application.
Source: cna@sap.com
NVD status: Analyzed
Products: sap_basis

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.2
Impact score: 4.2
Exploitability score: 0.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:N
Severity: MEDIUM

Weaknesses

cna@sap.com: CWE-862

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:sap_basis:752:*:*:*:*:*:*:*",
            "matchCriteriaId": "8C121CC9-26F6-4103-8EB0-BAFF6B5B5FE8",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:sap:sap_basis:753:*:*:*:*:*:*:*",
            "matchCriteriaId": "86086D00-10BF-4C55-8D87-82CCBE468153",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:sap:sap_basis:754:*:*:*:*:*:*:*",
            "matchCriteriaId": "2F25246A-D9E5-4F0D-B91A-478D4E5570DB",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:sap:sap_basis:755:*:*:*:*:*:*:*",
            "matchCriteriaId": "0218695F-C4AD-46BF-B176-F10C644A9C2D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:sap:sap_basis:756:*:*:*:*:*:*:*",
            "matchCriteriaId": "FC9E7C3E-1005-450A-9198-E014C1BAADBC",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:sap:sap_basis:757:*:*:*:*:*:*:*",
            "matchCriteriaId": "3A177AB1-CC85-46EF-91DF-462096608C9F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:sap:sap_basis:758:*:*:*:*:*:*:*",
            "matchCriteriaId": "F7591F81-708C-4285-9BB2-F2B4BDB9759B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:sap:sap_basis:816:*:*:*:*:*:*:*",
            "matchCriteriaId": "EF7825FC-2F0F-4096-BE41-67B4DCC4F7DE",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References