CVE-2026-0488

Name of the Vulnerable Software and Affected Versions SAP CRM and SAP S/4HANA (affected versions not specified)

Description An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) can exploit a flaw in a generic function module call and execute unauthorized critical functionalities. This includes the ability to execute an arbitrary SQL statement, potentially leading to a full database compromise with a high impact on confidentiality, integrity, and availability. The issue stems from deficiencies in the authorization procedure. The vulnerability allows an attacker to send a specially crafted SQL query to gain unauthorized access to the database. The vulnerable component is a generic function module.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.