Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.9
SAP Business Planning and Consolidation and SAP Business Warehouse: SQL Injection Risk
CVE-2026-27681
Summary
An attacker can access or modify sensitive database data if they have an account. This is a serious issue because it could allow unauthorized changes to confidential information and disrupt system operations. SAP has released a security patch to fix the issue, so it's essential to update your systems as soon as possible.
Original title
Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete ...
Original description
Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of the system.
nvd CVSS3.1
9.9
Vulnerability type
CWE-89
SQL Injection
Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026