HIGH · 7.7

CVE-2026-23689

Vulnerability Description

Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter. This triggers prolonged loop execution that consumes excessive system resources, potentially rendering the system unavailable. Successful exploitation results in a denial-of-service condition that impacts availability, while confidentiality and integrity remain unaffected.

CVSS Score

7.7

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality: NONE
Integrity: NONE
Availability: HIGH

Affected Products

Vendor | Product | Versions
SAP | Advanced Planning And Optimization | 713
SAP | Supply Chain Management | 700

References

FAQ

What is CVE-2026-23689?

CVE-2026-23689 is a vulnerability with a CVSS score of 7.7 (HIGH). Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter.

How severe is CVE-2026-23689?

CVE-2026-23689 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-23689?

Check the references section above for vendor advisories and patch information. Affected products include: SAP Advanced Planning And Optimization, SAP Supply Chain Management.