CVE-2026-27671

9.8 CRITICAL

Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unau...

Published: 2026-06-09 · Last updated: 2026-06-09

Severity and scoring

CVSS: 9.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-121

Description

Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high impact on the confidentiality, integrity, and availability of the application.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-27671
[Other]https://me.sap.com/notes/3717897
[Other]https://url.sap/sapsecuritypatchday

Related CVEs

Same CWE

CVE-2026-26241 — A buffer overflow vulnerability has been reported to affect File Station 5
CVE-2026-26240 — A buffer overflow vulnerability has been reported to affect File Station 5
CVE-2026-26239 — A buffer overflow vulnerability has been reported to affect File Station 5
CVE-2025-66280 — An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions
CVE-2026-44634 — SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy (BLE)