- 87/2026
- Critical
SAP has released security updates to address several vulnerabilities affecting multiple SAP products.
SAP has released security updates to address vulnerabilities across multiple SAP products, including SAP Business Planning and Consolidation, SAP Business Warehouse, SAP ERP, SAP S/4HANA, SAP BusinessObjects Business Intelligence Platform, SAP NetWeaver Application Server (ABAP and Java), SAP Human Capital Management, SAP HANA Cockpit and HANA Database Explorer, SAP Supplier Relationship Management, and SAP Landscape Transformation.
The addressed vulnerabilities could allow an attacker to execute arbitrary SQL commands, gain unauthorized access, obtain and manipulate sensitive information, bypass security controls, perform denial-of-service and cross-site scripting attacks, or execute arbitrary code and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. SAP Business Planning and Consolidation and SAP Business Warehouse SQL Injection Vulnerability (CVE-2026-27681):
- CVSS: 9.9
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Data Manipulation
2. SAP ERP and SAP S/4HANA Missing Authorization Check Vulnerability (CVE-2026-34256):
- CVSS: 7.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Bypass Security
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.
