Vulnerability Details CVE-2026-0509
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the confidentiality of the application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.1%
CVSS Severity
CVSS v3 Score 9.6
Products affected by CVE-2026-0509
-
cpe:2.3:a:sap:netweaver_as_abap_kernel:7.22
-
cpe:2.3:a:sap:netweaver_as_abap_kernel:7.53
-
cpe:2.3:a:sap:netweaver_as_abap_kernel:7.54
-
cpe:2.3:a:sap:netweaver_as_abap_kernel:7.77
-
cpe:2.3:a:sap:netweaver_as_abap_kernel:7.89
-
cpe:2.3:a:sap:netweaver_as_abap_kernel:7.93
-
cpe:2.3:a:sap:netweaver_as_abap_kernel:9.16
-
cpe:2.3:a:sap:netweaver_as_abap_kernel:9.18
-
cpe:2.3:a:sap:netweaver_as_abap_kernel:9.19
-
cpe:2.3:a:sap:netweaver_as_abap_krnl64nuc:7.22
-
cpe:2.3:a:sap:netweaver_as_abap_krnl64nuc:7.22ext
-
cpe:2.3:a:sap:netweaver_as_abap_krnl64uc:7.22
-
cpe:2.3:a:sap:netweaver_as_abap_krnl64uc:7.22ext
-
cpe:2.3:a:sap:netweaver_as_abap_krnl64uc:7.53