SAP MDG Review Match Groups App Auth Bypass Enables Priv Esc
CVE-2026-44750 Published on June 9, 2026
Missing Authorization check in SAP MDG (Review Match Groups Application)
SAP MDG (Review Match Groups Application) does not perform the necessary authorization checks for authenticated users. This could allow a low-privileged user to perform actions that would otherwise be restricted, resulting in escalation of privileges. This has a low impact on integrity, while confidentiality and availability are not impacted.
Vulnerability Analysis
CVE-2026-44750 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2026-44750 has been classified to as an AuthZ vulnerability or weakness.
Affected Versions
SAP_SE SAP MDG (Review Match Groups Application):- Version S4CORE 108 is affected.
- Version SAP_BASIS 916 is affected.
- Version SAP_BASIS 917 is affected.
- Version SAP_ABA 816 is affected.