SAP Financial Consolidation Authenticated Session Termination
CVE-2026-40136 Published on May 12, 2026
Denial of service (DoS) in SAP Financial Consolidation
SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions, temporarily preventing access. However, the application itself cannot be compromised, resulting in a low impact on availability. There is no impact on confidentiality and integrity of the data.
Vulnerability Analysis
CVE-2026-40136 is exploitable with network access and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. An exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.
Weakness Type
Improper Resource Shutdown or Release
The program does not release or incorrectly releases a resource before it is made available for re-use. When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation, such as a set period of time or revocation.
Products Associated with CVE-2026-40136