Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.1
SAP ERP and S/4HANA: Attacker can overwrite critical system reports
CVE-2026-34256
Summary
An attacker with access to the system can modify critical reports without permission, potentially causing system unavailability and disrupting operations. This affects SAP ERP and S/4HANA systems, both on-premise and in private cloud. To mitigate this risk, ensure that access controls and authorization checks are properly configured and enforced.
Original title
Due to a missing authorization check in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise), an authenticated attacker could execute a particular ABAP report to overwrite any existing eight?char...
Original description
Due to a missing authorization check in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise), an authenticated attacker could execute a particular ABAP report to overwrite any existing eight?character executable ABAP report without authorization. If the overwritten report is subsequently executed, the intended functionality could become unavailable. Successful exploitation impacts availability, with a limited impact on integrity confined to the affected report, while confidentiality remains unaffected.
nvd CVSS3.1
7.1
Vulnerability type
CWE-862
Missing Authorization
Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026