Privilege Escalation in SAP Fiori Intercompany Balance App
CVE-2026-0511 Published on January 13, 2026
Multiple vulnerabilities in SAP Fiori App (Intercompany Balance Reconciliation)
SAP Fiori App Intercompany Balance Reconciliation does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has high impact on confidentiality and integrity of the application ,availability is not impacted.
Vulnerability Analysis
CVE-2026-0511 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2026-0511 has been classified to as an AuthZ vulnerability or weakness.
Affected Versions
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation):- Version UIAPFI70 500 is affected.
- Version 600 is affected.
- Version 700 is affected.
- Version 800 is affected.
- Version 900 is affected.
- Version 901 is affected.
- Version 902 is affected.
- Version S4CORE 102 is affected.
- Version 103 is affected.
- Version 104 is affected.
- Version 105 is affected.
- Version 106 is affected.
- Version 107 is affected.
- Version 108 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.