PT-2026-39924 · Sap · @Sap/Hdi-Deploy

CVE-2026-40131

·

Published

2026-05-12

·

Updated

2026-05-12

CVSS v3.1

3.4

Low

VectorAV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L
Name of the Vulnerable Software and Affected Versions @sap/hdi-deploy (affected versions not specified)
Description SQL injection occurs because SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. This allows high privileged users to alter SELECT statements, which impacts the confidentiality and availability of the application.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-40131

Affected Products

@Sap/Hdi-Deploy