Arbitrary Dir DLL Load RCE in SAP GUI Windows
CVE-2026-24317 Published on March 10, 2026

DLL Hijacking vulnerability in SAP GUI for Windows with active GuiXT
SAP GUI for Windows allows DLL files to be loaded from arbitrary directories within the application. An unauthenticated attacker could exploit this vulnerability by persuading a victim to place a malicious DLL within one of these directories. The malicious command is executed in the victim user's context provided GuiXT is enabled. This vulnerability has a low impact on confidentiality, integrity, and availability.

NVD

Vulnerability Analysis

CVE-2026-24317 can be exploited with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
LOW

Weakness Type

What is a DLL preloading Vulnerability?

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

CVE-2026-24317 has been classified to as a DLL preloading vulnerability or weakness.


Affected Versions

SAP_SE SAP GUI for Windows with active GuiXT Version BC-FES-GUI 8.00 is affected by CVE-2026-24317

Exploit Probability

EPSS
0.03%
Percentile
8.97%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.