SAP Fiori App file upload without validation (CVE-2026-0496)
CVE-2026-0496 Published on January 13, 2026
Multiple vulnerabilities in SAP Fiori App (Intercompany Balance Reconciliation)
SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to upload any file (including script files) without proper file format validation. This has low impact on confidentiality, integrity and availability of the application.
Vulnerability Analysis
CVE-2026-0496 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.
Weakness Type
What is an Unrestricted File Upload Vulnerability?
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
CVE-2026-0496 has been classified to as an Unrestricted File Upload vulnerability or weakness.
Affected Versions
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation):- Version UIAPFI70 500 is affected.
- Version 600 is affected.
- Version 700 is affected.
- Version 800 is affected.
- Version 900 is affected.
- Version 901 is affected.
- Version 902 is affected.
- Version S4CORE 102 is affected.
- Version 103 is affected.
- Version 104 is affected.
- Version 105 is affected.
- Version 106 is affected.
- Version 107 is affected.
- Version 108 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.