CVE-2026-34260

Name of the Vulnerable Software and Affected Versions SAP S/4HANA (SAP Enterprise Search for ABAP) (affected versions not specified)

Description An authenticated attacker can inject malicious SQL statements through user-controlled input. The application directly concatenates this input into SQL queries and passes them to the underlying database without proper validation or sanitization. Successful exploitation may allow unauthorized access to sensitive database information and could potentially crash the application, impacting confidentiality and availability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.