Platform
sap
Component
sap-business-planning-and-consolidation
Fixed in
810.0.1
4.0.1
750.0.1
752.0.1
753.0.1
754.0.1
755.0.1
756.0.1
757.0.1
758.0.1
816.0.1
CVE-2026-27681 describes a critical SQL Injection vulnerability affecting SAP Business Planning and Consolidation and SAP Business Warehouse. This flaw allows an authenticated attacker to execute arbitrary SQL statements, potentially compromising the confidentiality, integrity, and availability of sensitive data. The vulnerability impacts versions 8.10–SAP_BW 750, and a patch is expected from SAP.
The impact of CVE-2026-27681 is severe. Successful exploitation allows an attacker to bypass authorization checks and directly manipulate the underlying database. This could lead to unauthorized access to sensitive financial data, customer information, or strategic business plans stored within the SAP system. An attacker could read, modify, or even delete critical data, disrupting business operations and potentially leading to significant financial losses and reputational damage. The ability to execute arbitrary SQL commands grants a high degree of control over the affected system, making it a high-priority security concern.
CVE-2026-27681 was publicly disclosed on 2026-04-14. Its critical CVSS rating indicates a high likelihood of exploitation. While no public proof-of-concept (PoC) code has been released as of this writing, the SQL Injection nature of the vulnerability makes it likely that exploits will emerge. Monitor security advisories and threat intelligence feeds for updates.
Organizations heavily reliant on SAP Business Planning and Consolidation and SAP Business Warehouse for financial planning, budgeting, and supply chain management are particularly at risk. Companies with legacy SAP deployments or those that have not implemented robust security controls are also more vulnerable. Shared hosting environments where multiple tenants share the same SAP instance should be carefully reviewed for potential cross-tenant exploitation.
• sap: Use SAP Solution Manager to check for missing security patches and identify affected systems.
• linux / server: Monitor SAP application logs for unusual SQL queries or error messages indicating potential injection attempts. Use journalctl -u <sapservicename> to filter for relevant log entries.
• generic web: Monitor web application firewall logs for SQL injection patterns targeting SAP endpoints. Use curl -v <sap_endpoint> to test for unexpected behavior and potential injection points.
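The log-monitoring advice in the bullets above, turned into a small detection routine, as an added example that is not part of the original advisory or of any SAP or WAF tooling. It assumes a hypothetical access-log format (timestamp, client IP, method, request target) and runs over constructed sample lines; the signatures are generic SQL-injection indicators applied to the URL-decoded query string, and a lone apostrophe is deliberately not a rule so that legitimate values such as O'Brien do not raise alerts.

```python
import re
from urllib.parse import unquote_plus

# Hypothetical log format assumed for this example: "<timestamp> <client_ip> <method> <path?query>".
# The lines below are constructed samples, not output from SAP, a WAF, or journalctl.
SAMPLE_LOG_LINES = [
    "2026-04-15T08:01:12Z 10.0.0.5 GET /sap/bpc/report?plan=FY26&region=EMEA",
    "2026-04-15T08:01:13Z 10.0.0.5 GET /sap/bpc/report?plan=FY26%27%20OR%20%271%27%3D%271",
    "2026-04-15T08:01:14Z 10.0.0.9 GET /sap/bpc/report?plan=FY26%20UNION%20SELECT%20a%2Cb%20FROM%20t",
    "2026-04-15T08:01:15Z 10.0.0.7 GET /sap/bpc/report?plan=FY26%27%3B%20DROP%20TABLE%20t%20--",
    "2026-04-15T08:01:16Z 10.0.0.8 GET /sap/bpc/report?plan=O%27Brien%20Holdings",
]

# Defensive signatures: (rule name, compiled regex), each applied to the decoded query string.
# A lone apostrophe is intentionally NOT a rule, so a value like "O'Brien" does not alert on its own.
SIGNATURES = [
    ("tautology", re.compile(r"'\s*(or|and)\s+'?[\w ]*'?\s*=\s*'?[\w ]*'?", re.IGNORECASE)),
    ("union_select", re.compile(r"\bunion\b(\s+all)?\s+select\b", re.IGNORECASE)),
    ("stacked_statement", re.compile(r";\s*(drop|delete|update|insert|alter|truncate)\b", re.IGNORECASE)),
    ("comment_terminator", re.compile(r"(--\s*$|/\*)")),
]

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<ip>\S+)\s+(?P<method>\S+)\s+(?P<target>\S+)$")


def decode_query(target):
    """Return the URL-decoded query string of a request target, or '' if it has none."""
    if "?" not in target:
        return ""
    query = target.split("?", 1)[1]
    # Decode exactly once: the server decodes once too, so this is what the application sees.
    return unquote_plus(query)


def scan_line(line):
    """Return the names of all signatures that match the line's decoded query string."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []  # unparseable line: skip rather than guess
    query = decode_query(m.group("target"))
    return [name for name, rx in SIGNATURES if rx.search(query)]


def scan_log(lines):
    """Return (client_ip, matched_rules) for every line that triggers at least one signature."""
    findings = []
    for line in lines:
        hits = scan_line(line)
        if hits:
            ip = LINE_RE.match(line.strip()).group("ip")
            findings.append((ip, hits))
    return findings


if __name__ == "__main__":
    for ip, hits in scan_log(SAMPLE_LOG_LINES):
        print(f"ALERT client={ip} rules={','.join(hits)}")
```

Signature hits are a triage signal, not proof of exploitation: correlate them with the SAP application log and with database-side query auditing before escalating, and tune the rules against your own baseline traffic.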
disclosure
Exploit status
EPSS
0.05% (16th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-27681 is to apply the security patch released by SAP as soon as it becomes available. Until the patch is applied, consider implementing temporary workarounds to reduce the attack surface. These may include restricting access to vulnerable functionalities, implementing stricter input validation on user-supplied data, and closely monitoring database activity for suspicious queries. Review SAP security notes for specific recommendations. After applying the patch, verify the fix by attempting to reproduce the vulnerability using the original attack vector; confirm that the SQL injection is no longer possible.
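To make the interim mitigations concrete (input validation on user-supplied data, parameter binding, and an authorization check evaluated before the query runs), here is an added example in Python against an in-memory SQLite table. It is not SAP's code: the `plans` table, the allowed-region list and the user-to-region mapping are constructed for illustration, and the "before" function shows the string-concatenation pattern that the hardened versions replace.

```python
import sqlite3

# Constructed stand-in for a planning data store; this is not SAP's schema.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE plans (id INTEGER PRIMARY KEY, region TEXT, owner TEXT, amount INTEGER)")
    conn.executemany(
        "INSERT INTO plans (region, owner, amount) VALUES (?, ?, ?)",
        [("EMEA", "alice", 1200), ("APAC", "bob", 800), ("AMER", "carol", 2100)],
    )
    return conn


def plans_unsafe(conn, region):
    """'Before' pattern: the user-controlled value is concatenated into the statement text,
    so the value can change the WHERE clause instead of being compared against it."""
    sql = "SELECT region, owner, amount FROM plans WHERE region = '" + region + "'"
    return conn.execute(sql).fetchall()


def plans_bound(conn, region):
    """Parameter binding alone: the value is passed to the driver separately from the SQL text,
    so it is only ever compared as data and can never alter the statement."""
    return conn.execute(
        "SELECT region, owner, amount FROM plans WHERE region = ?", (region,)
    ).fetchall()


# Constructed allow-list and per-user authorization data (assumptions for this example).
ALLOWED_REGIONS = {"EMEA", "APAC", "AMER"}
USER_REGIONS = {"alice": {"EMEA"}, "bob": {"APAC"}}


def plans_safe(conn, user, region):
    """Layered version: allow-list validation, then an authorization check on the caller,
    then the bound query. Rejecting early keeps bad input from ever reaching the database."""
    if region not in ALLOWED_REGIONS:
        raise ValueError("unknown region")
    if region not in USER_REGIONS.get(user, set()):
        raise PermissionError(f"{user} is not authorized for {region}")
    return plans_bound(conn, region)


if __name__ == "__main__":
    db = build_db()
    crafted = "X' OR '1'='1"
    print("unsafe rows returned:", len(plans_unsafe(db, crafted)))   # every row leaks
    print("bound rows returned:", len(plans_bound(db, crafted)))     # no such region
    print("safe:", plans_safe(db, "alice", "EMEA"))
```

The allow-list and the authorization check are what the advisory's "stricter input validation" and "authorization checks" amount to in practice; parameter binding is the part that removes the injection primitive itself, and it should be present regardless of how the input is validated.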
Apply SAP security patch 3719353 to mitigate the SQL injection vulnerability. This patch corrects the deficiencies in the authorization checks that allow malicious SQL statements to be executed, thereby protecting the confidentiality, integrity and availability of the system's data.
CVE-2026-27681 is a critical SQL Injection vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse, allowing attackers to execute SQL commands and potentially access or modify sensitive data.
If you are using SAP Business Planning and Consolidation or SAP Business Warehouse versions 8.10–SAP_BW 750, you are potentially affected and should immediately assess your systems.
Apply the security patch released by SAP. Consult the SAP Security Notes for specific instructions and compatibility information.
While no public exploits are currently available, the vulnerability's severity and ease of exploitation suggest a high likelihood of future exploitation.
Refer to the official SAP Security Notes published on the SAP Support Portal for detailed information and remediation steps.