CVE-2026-0507 · HIGH 8.4 · EPSS p54.3%

Description

Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables execution of arbitrary operating system commands. Successful exploitation could lead to full compromise of the system's confidentiality, integrity, and availability.

Scoring

CVSS 3.1: 8.4 (HIGH)
Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.88% probability of exploitation · percentile 54.3% · 2026-06-19T12:03:05Z
Published: 2026-01-13
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-78

References

  1. https://me.sap.com/notes/3675151
  2. https://url.sap/sapsecuritypatchday

Type: Weakness
Target: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (cwe-78)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-40135
CVE-2025-0066
CVE-2026-0509
CVE-2025-0070
CVE-2025-42922
CVE-2026-0506

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.