PT-2026-2337 · SAP · SAP S/4HANA

Published: 2026-01-13 · Updated: 2026-02-10 · CVE-2026-0501

CVSS v3.1: 9.9 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SAP S/4HANA Private Cloud and On-Premise (Financials General Ledger) (affected versions not specified)
Description: The issue stems from inadequate input validation within the SAP S/4HANA Financials General Ledger component. An authenticated user can potentially execute specially crafted SQL queries, enabling them to read, modify, and delete data within the backend database. This could compromise the confidentiality, integrity, and availability of the application. The vulnerability allows for full database access. It is noted that Shodan bots may identify vulnerable instances before administrators are aware of their version.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

RCE

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2026-00368
CVE-2026-0501

Affected Products

SAP S/4HANA