SAP NetWeaver ABAP: Kernel RFC Memory Corruption Vulnerability
CVE-2026-27671 Published on June 9, 2026
Memory Corruption vulnerability in Application Server ABAP of SAP NetWeaver and ABAP Platform
Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high impact on the confidentiality, integrity, and availability of the application.
Vulnerability Analysis
CVE-2026-27671 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Weakness Type
What is a Stack Overflow Vulnerability?
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CVE-2026-27671 has been classified to as a Stack Overflow vulnerability or weakness.
Products Associated with CVE-2026-27671
Want to know whenever a new CVE is published for SAP NetWeaver? stack.watch will email you.
Affected Versions
SAP_SE SAP NetWeaver AS ABAP and ABAP Platform:- Version KRNL64NUC 7.22 is affected.
- Version 7.22EXT is affected.
- Version KRNL64UC 7.22 is affected.
- Version 722EXT is affected.
- Version 7.53 is affected.
- Version KERNEL 7.22 is affected.
- Version 7.54 is affected.
- Version 7.77 is affected.
- Version 7.89 is affected.
- Version 7.93 is affected.
- Version 9.16 is affected.
- Version 9.18 is affected.
- Version 91.9 is affected.