SAP ctsattach Insecure Deserialization RCE via Malicious Archive
CVE-2026-58233 Published on July 14, 2026

Remote Code Execution vulnerability in SAP Change and Transport System Attach Tool (ctsattach)
SAP Change and Transport System Attach Tool (ctsattach) allows an authenticated attacker to supply a specially crafted archive file which, when processed by the applications library, can trigger insecure deserialization and lead to remote code execution (RCE) on the system. Successful exploitation requires a victim to process the malicious archive, enabling the attacker to execute the RCE and extract sensitive information and gain control over the system and its processes. This vulnerability has a high impact on confidentiality and integrity of the data, with a low impact on the availability of the system.

NVD

Vulnerability Analysis

CVE-2026-58233 can be exploited with network access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and a small impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
LOW

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

CVE-2026-58233 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.


Affected Versions

SAP_SE SAP Change and Transport System Attach Tool (ctsattach) Version CTS_UPLOAD_CLT 1 is affected by CVE-2026-58233