Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.9
SAP S/4HANA Allows Authenticated User to Delete System Files
CVE-2026-27673
Summary
A security issue in SAP S/4HANA allows an authenticated user to delete important system files, giving them control over the system. This could lead to system crashes or data loss. SAP is working on a fix, and users should apply the latest updates as soon as possible.
Original title
Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files on the operating system and gain unauthorized control over file operati...
Original description
Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations which could leads to no impact on Confidentiality, Low impact on Integrity and Availability of the application.
nvd CVSS3.1
4.9
Vulnerability type
CWE-862
Missing Authorization
Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026