CVE-2026-0506HIGH 8.1EPSS p13.3%

CVE-2026-0506CVE-2026-0506

Description

Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines (FORMs) in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs and invoke system functionality exposed via FORMs, resulting in a high impact on integrity and availability, while confidentiality remains unaffected.

Scoring

CVSS 3.18.1 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS0.23% probability of exploitation · percentile 13.3% · 2026-06-19T12:03:05Z
Published2026-01-13
Last modified2026-01-22

Underlying weaknesses· 1

CWE-862

References

  1. https://me.sap.com/notes/3688703
  2. https://url.sap/sapsecuritypatchday

1

TypeTargetConfidenceTier
WeaknessMissing Authorizationcwe-8620%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-0509
CVE
CVE-2026-24309
CVE
CVE-2026-24310
CVE
CVE-2025-0063
CVE
CVE-2025-0066
CVE
CVE-2026-44751
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.