PT-2026-39924 · Sap Se · Sap Hana Deployment Infrastructure (Hdi) Deploy Library
Published
2026-05-12
·
Updated
2026-05-12
·
CVE-2026-40131
CVSS v3.1
3.4
Low
| Vector | AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L |
SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploitation could allow the high privileged users to alter the SELECT statements impacting confidentiality and availability of the application. There is no impact on integrity.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sap Hana Deployment Infrastructure (Hdi) Deploy Library