
SAP S/4HANA OData Service allows unauthorized updates and deletions

CVE-2026-27679
Summary

An attacker can update and delete sensitive data without permission. This is a serious issue because it could compromise the integrity of your SAP S/4HANA system. We recommend you apply the latest security patches and ensure proper authorization settings are in place.

Original title
Due to missing authorization checks in the SAP S/4HANA frontend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed OData services without pr...
Original description
Due to missing authorization checks in the SAP S/4HANA frontend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and availability are not impacted.
NVD CVSS 3.1: 6.5
Vulnerability type
CWE-862 Missing Authorization
Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026