Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-0498

SAP S/4HANA (Private Cloud and On-Premise) allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 18.0%
CVSS Severity
CVSS v3 Score 9.1
Products affected by CVE-2026-0498
  • Sap » S/4 Hana » Version: 102
    cpe:2.3:a:sap:s/4_hana:102
  • Sap » S/4 Hana » Version: 103
    cpe:2.3:a:sap:s/4_hana:103
  • Sap » S/4 Hana » Version: 104
    cpe:2.3:a:sap:s/4_hana:104
  • Sap » S/4 Hana » Version: 105
    cpe:2.3:a:sap:s/4_hana:105
  • Sap » S/4 Hana » Version: 106
    cpe:2.3:a:sap:s/4_hana:106
  • Sap » S/4 Hana » Version: 107
    cpe:2.3:a:sap:s/4_hana:107
  • Sap » S/4 Hana » Version: 108
    cpe:2.3:a:sap:s/4_hana:108
  • Sap » S/4 Hana » Version: 109
    cpe:2.3:a:sap:s/4_hana:109


Products
Pricing
Contact Us

Shodan ® - All rights reserved