CVE-2026-0486

In ABAP based SAP systems a remote enabled function module does not perform necessary authorization checks for an authenticated user resulting in disclosure of system information.This has low impact on confidentiality. Integrity and availability are not impacted.

CVSS v3 5.0 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://me.sap.com/notes/3691645	Permissions Required
https://url.sap/sapsecuritypatchday	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:solution_tools_plug-in:740:::::::*
	cpe:2.3:a:sap:solution_tools_plug-in:758:::::::*
	cpe:2.3:a:sap:solution_tools_plug-in:2005_1_700:::::::*
	cpe:2.3:a:sap:solution_tools_plug-in:2008_1_710:::::::*

History

17 Feb 2026, 16:11

Type	Values Removed	Values Added
References	~~() https://me.sap.com/notes/3691645 -~~	() https://me.sap.com/notes/3691645 - Permissions Required
References	~~() https://url.sap/sapsecuritypatchday -~~	() https://url.sap/sapsecuritypatchday - Vendor Advisory
CPE		cpe:2.3:a:sap:solution_tools_plug-in:2005_1_700:::::::* cpe:2.3:a:sap:solution_tools_plug-in:740:::::::* cpe:2.3:a:sap:solution_tools_plug-in:758:::::::* cpe:2.3:a:sap:solution_tools_plug-in:2008_1_710:::::::*
First Time		Sap Sap solution Tools Plug-in
Summary		(es) En sistemas SAP basados en ABAP, un módulo de función habilitado remotamente no realiza las comprobaciones de autorización necesarias para un usuario autenticado, resultando en la divulgación de información del sistema. Esto tiene bajo impacto en la confidencialidad. La integridad y la disponibilidad no se ven impactadas.

10 Feb 2026, 04:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-10 04:16

Updated : 2026-02-17 16:11

NVD link : CVE-2026-0486

Mitre link : CVE-2026-0486

CVE.ORG link : CVE-2026-0486

JSON object : View

Products Affected

sap

solution_tools_plug-in

CWE

CWE-862

Missing Authorization

{"id": "CVE-2026-0486", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2026-02-10T04:16:01.550", "references": [{"url": "https://me.sap.com/notes/3691645", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "In ABAP based SAP systems a remote enabled function module does not perform necessary authorization checks for an authenticated user resulting in disclosure of system information.This has low impact on confidentiality. Integrity and availability are not impacted."}, {"lang": "es", "value": "En sistemas SAP basados en ABAP, un m\u00f3dulo de funci\u00f3n habilitado remotamente no realiza las comprobaciones de autorizaci\u00f3n necesarias para un usuario autenticado, resultando en la divulgaci\u00f3n de informaci\u00f3n del sistema. Esto tiene bajo impacto en la confidencialidad. La integridad y la disponibilidad no se ven impactadas."}], "lastModified": "2026-02-17T16:11:29.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:solution_tools_plug-in:740:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E087FCF-62FE-48A7-80B1-1BEDEA5716D6"}, {"criteria": "cpe:2.3:a:sap:solution_tools_plug-in:758:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9C9CBFC-453A-4B9E-87B6-466369CE6AD6"}, {"criteria": "cpe:2.3:a:sap:solution_tools_plug-in:2005_1_700:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DB77DE3-2703-4A42-BE41-D37F312A7A9D"}, {"criteria": "cpe:2.3:a:sap:solution_tools_plug-in:2008_1_710:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4836C482-5A64-4373-BCB4-0185BDF83EAD"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}