CVE-2026-0498

Name of the Vulnerable Software and Affected Versions SAP S/4HANA (Private Cloud and On-Premise) (affected versions not specified)

Description The software contains a flaw in a function module exposed via Remote Function Call (RFC). An attacker with administrative privileges can exploit this to inject arbitrary ABAP code or Operating System (OS) commands into the system, bypassing authorization checks. This effectively creates a backdoor, potentially leading to full system compromise and impacting confidentiality, integrity, and availability. The vulnerability allows for privilege escalation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.