SAP Fiori App Manage Service Entry Sheets PrivEsc via Missing Auth Checks
CVE-2026-23688 Published on February 10, 2026
Missing Authorization check in SAP Fiori App (Manage Service Entry Sheets - Lean Services)
SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on integrity, confidentiality and availability are not impacted.
Vulnerability Analysis
CVE-2026-23688 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2026-23688 has been classified to as an AuthZ vulnerability or weakness.
Affected Versions
SAP_SE SAP Fiori App (Manage Service Entry Sheets - Lean Services):- Version S4CORE 102 is affected.
- Version 103 is affected.
- Version 104 is affected.
- Version 105 is affected.
- Version 106 is affected.
- Version 107 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.