SAP Business Workflow Priv Escalation via Auth Check
CVE-2026-24312 Published on February 10, 2026
Missing authorization check in SAP Business Workflow
An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function to execute unauthorized, high-privilege actions. This has a high impact on data integrity, with low impact on confidentiality and no impact on availability of the application.
Vulnerability Analysis
CVE-2026-24312 is exploitable with network access, requires user interaction and user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a high impact on integrity, and no impact on availability.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2026-24312 has been classified to as an AuthZ vulnerability or weakness.
Affected Versions
SAP_SE SAP Business Workflow:- Version SAP_BASIS 752 is affected.
- Version SAP_BASIS 753 is affected.
- Version SAP_BASIS 754 is affected.
- Version SAP_BASIS 755 is affected.
- Version SAP_BASIS 756 is affected.
- Version SAP_BASIS 757 is affected.
- Version SAP_BASIS 758 is affected.
- Version SAP_BASIS 816 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.