SAProuter Windows: DLL Hijack Enables Arbitrary Code Exec
CVE-2026-0487 Published on July 14, 2026
DLL Hijacking vulnerability in SAProuter on Microsoft Windows
SAProuter on Microsoft Windows allows an unauthenticated attacker to load library (DLL) files from an untrusted location, allowing them to execute malicious code on the system. This could enable the attacker to hijack the DLL loading process and achieve arbitrary code execution. This has high impact on confidentiality, integrity and availability of the system.
Vulnerability Analysis
CVE-2026-0487 can be exploited with local system access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is a DLL preloading Vulnerability?
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
CVE-2026-0487 has been classified to as a DLL preloading vulnerability or weakness.
Affected Versions
SAP_SE SAProuter on Microsoft Windows:- Version KRNL64NUC 7.22 is affected.
- Version 7.22EXT is affected.
- Version KRNL64UC 7.22 is affected.
- Version 7.53 is affected.
- Version SAP_ROUTER 7.53 is affected.
- Version 7.54 is affected.
- Version KERNEL 7.22 is affected.
- Version 7.77 is affected.
- Version 7.89 is affected.
- Version 7.93 is affected.
- Version 9.16 is affected.
- Version 9.17 is affected.
- Version 9.18 is affected.