CVE-2026-0492HIGH 8.8EPSS p20.1%

CVE-2026-0492CVE-2026-0492

Description

SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid credentials of any user to switch to another user potentially gaining administrative access. This exploit could result in a total compromise of the system�s confidentiality, integrity, and availability.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS0.29% probability of exploitation · percentile 20.1% · 2026-06-18T12:00:27Z
Published2026-01-13
Last modified2026-01-27

Underlying weaknesses· 1

CWE-306

References

  1. https://me.sap.com/notes/3691059
  2. https://url.sap/sapsecuritypatchday

1

TypeTargetConfidenceTier
WeaknessMissing Authentication for Critical Functioncwe-3060%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-42953
CVE
CVE-2025-0070
CVE
CVE-2026-27681
CVE
CVE-2025-42982
CVE
CVE-2026-21262
CVE
CVE-2026-0488
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.