CVE Catalog

CVE-2026-27671

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Summary

Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption.

Risk Assessment

This could lead to a high impact on the confidentiality, integrity, and availability of the application, posing a risk to the organization.

Recommendation

It is recommended to update to the latest version of SAP to patch this vulnerability and to monitor systems for suspicious RFC requests.

Original NVD description (English source)

Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high impact on the confidentiality, integrity, and availability of the application.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS