SAP ABAP Remote Function Module Auth Bypass Exposes System Info
CVE-2026-0486 Published on February 10, 2026
Missing Authorization Check in ABAP based SAP systems
In ABAP based SAP systems a remote enabled function module does not perform necessary authorization checks for an authenticated user, resulting in disclosure of system information. This has low impact on confidentiality. Integrity and availability are not impacted.
Vulnerability Analysis
CVE-2026-0486 is exploitable with network access and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2026-0486 has been classified as an AuthZ vulnerability or weakness.
Affected Versions
SAP_SE ABAP based SAP systems:
- Version ST-PI 2005_1_700 is affected.
- Version 2008_1_710 is affected.
- Version 740 is affected.
- Version 758 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.