High-Privilege DB Query Execution Exposing Backend in SAP S/4HANA PPM-PRO
CVE-2026-44769 Published on July 14, 2026
SQL Injection vulnerability in SAP S/4HANA Project Management (PPM-PRO)
SAP S/4HANA application Project Management (PPM-PRO) allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application.
Vulnerability Analysis
CVE-2026-44769 can be exploited with network access, and requires user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
What is a SQL Injection Vulnerability?
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
CVE-2026-44769 has been classified to as a SQL Injection vulnerability or weakness.
Products Associated with CVE-2026-44769
Want to know whenever a new CVE is published for SAP S4hana? stack.watch will email you.
Affected Versions
SAP_SE SAP S/4HANA Project Management (PPM-PRO):- Version SAP_APPL 600 is affected.
- Version 602 is affected.
- Version 603 is affected.
- Version 604 is affected.
- Version 605 is affected.
- Version 606 is affected.
- Version 617 is affected.
- Version 618 is affected.
- Version S4CORE 102 is affected.
- Version 103 is affected.
- Version 104 is affected.
- Version 105 is affected.
- Version 106 is affected.
- Version 107 is affected.
- Version 108 is affected.
- Version CPRXRPM 400 is affected.
- Version 450_700 is affected.
- Version 500_702 is affected.
- Version 610_740 is affected.