CVE-2026-23689

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-23689
Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter. This triggers prolonged loop execution that consumes excessive system resources, potentially rendering the system unavailable. Successful exploitation results in a denial-of-service condition that impacts availability, while confidentiality and integrity remain unaffected.

7.7 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://me.sap.com/notes/3703092 Permissions Required
https://url.sap/sapsecuritypatchday Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:advanced_planning_and_optimization:713:*:*:*:*:*:*:*
cpe:2.3:a:sap:advanced_planning_and_optimization:714:*:*:*:*:*:*:*
cpe:2.3:a:sap:supply_chain_management:700:*:*:*:*:*:*:*
cpe:2.3:a:sap:supply_chain_management:701:*:*:*:*:*:*:*
cpe:2.3:a:sap:supply_chain_management:702:*:*:*:*:*:*:*
cpe:2.3:a:sap:supply_chain_management:712:*:*:*:*:*:*:*
History

17 Feb 2026, 15:57

Type Values Removed Values Added
CWE CWE-770
First Time Sap
Sap advanced Planning And Optimization
Sap supply Chain Management
Summary
  • (es) Debido a una vulnerabilidad de consumo de recursos no controlado (denegación de servicio), un atacante autenticado con privilegios de usuario regular y acceso a la red puede invocar repetidamente un módulo de función habilitado remotamente con un parámetro de control de bucle excesivamente grande. Esto desencadena una ejecución de bucle prolongada que consume recursos excesivos del sistema, lo que podría dejar el sistema no disponible. La explotación exitosa resulta en una condición de denegación de servicio que afecta la disponibilidad, mientras que la confidencialidad y la integridad permanecen inafectadas.
References () https://me.sap.com/notes/3703092 - () https://me.sap.com/notes/3703092 - Permissions Required
References () https://url.sap/sapsecuritypatchday - () https://url.sap/sapsecuritypatchday - Vendor Advisory
CPE cpe:2.3:a:sap:supply_chain_management:702:*:*:*:*:*:*:*
cpe:2.3:a:sap:advanced_planning_and_optimization:714:*:*:*:*:*:*:*
cpe:2.3:a:sap:supply_chain_management:712:*:*:*:*:*:*:*
cpe:2.3:a:sap:advanced_planning_and_optimization:713:*:*:*:*:*:*:*
cpe:2.3:a:sap:supply_chain_management:701:*:*:*:*:*:*:*
cpe:2.3:a:sap:supply_chain_management:700:*:*:*:*:*:*:*

10 Feb 2026, 04:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-02-10 04:16

Updated : 2026-02-17 15:57

NVD link : CVE-2026-23689

Mitre link : CVE-2026-23689

CVE.ORG link : CVE-2026-23689

JSON object : View

Products Affected

sap

  • advanced_planning_and_optimization
  • supply_chain_management
CWE
CWE-606

Unchecked Input for Loop Condition

CWE-770

Allocation of Resources Without Limits or Throttling