Vulnerability Details CVE-2026-0506
Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines (FORMs) in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs and invoke system functionality exposed via FORMs, resulting in a high impact on integrity and availability, while confidentiality remains unaffected.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.2%
CVSS Severity
CVSS v3 Score 8.1
Products affected by CVE-2026-0506
-
cpe:2.3:a:sap:netweaver_application_server_abap:700
-
cpe:2.3:a:sap:netweaver_application_server_abap:701
-
cpe:2.3:a:sap:netweaver_application_server_abap:702
-
cpe:2.3:a:sap:netweaver_application_server_abap:731
-
cpe:2.3:a:sap:netweaver_application_server_abap:740
-
cpe:2.3:a:sap:netweaver_application_server_abap:750
-
cpe:2.3:a:sap:netweaver_application_server_abap:751
-
cpe:2.3:a:sap:netweaver_application_server_abap:752
-
cpe:2.3:a:sap:netweaver_application_server_abap:753
-
cpe:2.3:a:sap:netweaver_application_server_abap:754
-
cpe:2.3:a:sap:netweaver_application_server_abap:755
-
cpe:2.3:a:sap:netweaver_application_server_abap:756
-
cpe:2.3:a:sap:netweaver_application_server_abap:757
-
cpe:2.3:a:sap:netweaver_application_server_abap:758
-
cpe:2.3:a:sap:netweaver_application_server_abap:816