SAP Fiori Intercompany Balance Recon: Restricted Data Exposure
CVE-2026-0494 Published on January 13, 2026
Information Disclosure vulnerability in SAP Fiori App (Intercompany Balance Reconciliation)
Under certain conditions SAP Fiori App Intercompany Balance Reconciliation application allows an attacker to access information which would otherwise be restricted. This has low impact on confidentiality of the application, integrity and availability are not impacted.
Vulnerability Analysis
CVE-2026-0494 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
Exposure of Sensitive System Information to an Unauthorized Control Sphere
The application does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the application does.
Affected Versions
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation):- Version UIAPFI70 500 is affected.
- Version 600 is affected.
- Version 700 is affected.
- Version 800 is affected.
- Version 900 is affected.
- Version 901 is affected.
- Version 902 is affected.
- Version UIS4H 109 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.