CVE-2026-34264 — MEDIUM (6.5)

Vulnerability Description

During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the content shown, beyond their authorized scope. This leads to disclosure of sensitive information causing a high impact on confidentiality, while integrity and availability are unaffected.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Sap	Human Capital Management	s4hcmrxx_100
Sap	S\/4Hana	-

Related Weaknesses (CWE)

CWE-204

References

https://me.sap.com/notes/3680767Permissions Required
https://url.sap/sapsecuritypatchdayPermissions Required

FAQ

What is CVE-2026-34264?

CVE-2026-34264 is a vulnerability with a CVSS score of 6.5 (MEDIUM). During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the ...

How severe is CVE-2026-34264?

CVE-2026-34264 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-34264?

Check the references section above for vendor advisories and patch information. Affected products include: Sap Human Capital Management, Sap S\/4Hana.