1. Home
  2. CVE Database
  3. CVE-2026-27686
MEDIUM · 5.9

CVE-2026-27686

Due to a Missing Authorization Check in SAP Business Warehouse (Service API), an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation ...

Vulnerability Description

Due to a Missing Authorization Check in SAP Business Warehouse (Service API), an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request processing and causing denial of service. This results in low impact on integrity and high impact on availability, while confidentiality remains unaffected.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
HIGH

Related Weaknesses (CWE)

CWE-862

References

FAQ

What is CVE-2026-27686?

CVE-2026-27686 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Due to a Missing Authorization Check in SAP Business Warehouse (Service API), an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation ...

How severe is CVE-2026-27686?

CVE-2026-27686 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-27686?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.