CVE-2026-0506

Name of the Vulnerable Software and Affected Versions Application Server ABAP and ABAP Platform (affected versions not specified)

Description A missing authorization check exists in Application Server ABAP and ABAP Platform. An authenticated attacker can misuse an RFC function to execute form routines (FORMs) within the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs and invoke system functionality exposed via FORMs. This could lead to a high impact on data integrity and system availability. The vulnerable component is an RFC function. The affected functionality involves the execution of FORMs.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.