Vulnerability Details CVE-2026-23689
Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter. This triggers prolonged loop execution that consumes excessive system resources, potentially rendering the system unavailable. Successful exploitation results in a denial-of-service condition that impacts availability, while confidentiality and integrity remain unaffected.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.0%
CVSS Severity
CVSS v3 Score 7.7
Products affected by CVE-2026-23689
-
cpe:2.3:a:sap:advanced_planning_and_optimization:713
-
cpe:2.3:a:sap:advanced_planning_and_optimization:714
-
cpe:2.3:a:sap:supply_chain_management:700
-
cpe:2.3:a:sap:supply_chain_management:701
-
cpe:2.3:a:sap:supply_chain_management:702
-
cpe:2.3:a:sap:supply_chain_management:712