{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27673", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2026-02-23T17:50:10.513Z", "datePublished": "2026-04-14T00:06:38.160Z", "dateUpdated": "2026-04-14T13:14:19.040Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-04-14T00:06:38.160Z"}, "title": "Missing Authorization Check in SAP S/4HANA (Private Cloud and On-Premise)", "problemTypes": [{"descriptions": [{"lang": "eng", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "type": "CWE"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP S/4HANA (Private Cloud and On-Premise)", "versions": [{"status": "affected", "version": "S4CORE 105"}, {"status": "affected", "version": "106"}, {"status": "affected", "version": "107"}, {"status": "affected", "version": "108"}, {"status": "affected", "version": "109"}, {"status": "affected", "version": "FI-CA 606"}, {"status": "affected", "version": "616"}, {"status": "affected", "version": "617"}, {"status": "affected", "version": "618"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations which could leads to no impact on Confidentiality, Low impact on Integrity and Availability of the application.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations which could leads to no impact on Confidentiality, Low impact on Integrity and Availability of the application.</p>"}]}], "references": [{"url": "https://me.sap.com/notes/3703813"}, {"url": "https://url.sap/sapsecuritypatchday"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseSeverity": "MEDIUM", "baseScore": 4.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27673", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T12:56:39.062866Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T13:14:19.040Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27673", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T12:56:39.062866Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T13:09:22.884Z"}}], "cna": {"title": "Missing Authorization Check in SAP S/4HANA (Private Cloud and On-Premise)", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP S/4HANA (Private Cloud and On-Premise)", "versions": [{"status": "affected", "version": "S4CORE 105"}, {"status": "affected", "version": "106"}, {"status": "affected", "version": "107"}, {"status": "affected", "version": "108"}, {"status": "affected", "version": "109"}, {"status": "affected", "version": "FI-CA 606"}, {"status": "affected", "version": "616"}, {"status": "affected", "version": "617"}, {"status": "affected", "version": "618"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3703813"}, {"url": "https://url.sap/sapsecuritypatchday"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations which could leads to no impact on Confidentiality, Low impact on Integrity and Availability of the application.", "supportingMedia": [{"type": "text/html", "value": "<p>Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations which could leads to no impact on Confidentiality, Low impact on Integrity and Availability of the application.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "eng", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-04-14T00:06:38.160Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27673", "state": "PUBLISHED", "dateUpdated": "2026-04-14T13:14:19.040Z", "dateReserved": "2026-02-23T17:50:10.513Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2026-04-14T00:06:38.160Z", "assignerShortName": "sap"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations which could leads to no impact on Confidentiality, Low impact on Integrity and Availability of the application."}], "id": "CVE-2026-27673", "lastModified": "2026-04-14T00:16:05.477", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 2.7, "source": "cna@sap.com", "type": "Primary"}]}, "published": "2026-04-14T00:16:05.477", "references": [{"source": "cna@sap.com", "url": "https://me.sap.com/notes/3703813"}, {"source": "cna@sap.com", "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "cna@sap.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "S4CORE 105"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "106"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "107"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "108"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "109"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "FI-CA 606"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "616"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "617"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "618"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "SAP S/4HANA (Private Cloud and On-Premise)", "source": "cna", "vendor": "SAP_SE"}, "product": "s/4hana", "vendor": "sap"}], "analysis": {"en": {"generated_at": "2026-04-14T01:51:40.477712+00:00", "value": {"mitigation_remediation": ["Update SAP S/4HANA to the latest version that includes the fix from SAP Note 3703813.", "Apply the updates released in the SAP Security Patch Day advisory.", "Verify that the patch is deployed in both private cloud and on\u2011premise instances.", "Enforce least\u2011privilege permissions for user accounts to restrict file system operations.", "Monitor the file system for unexpected deletions or modifications."], "summary": {"action": "Apply Patch", "impact": "Unauthorized OS file deletion and manipulation"}, "threat_synthesis": {"affected_systems": "The vulnerability applies to SAP SE\u2019s SAP S/4HANA deployments, both private cloud and on\u2011premise. Specific affected product versions are not disclosed in the CVE data; the fix is referenced by SAP Note 3703813.", "description_and_impact": "A missing authorization check in SAP S/4HANA (Private Cloud and On\u2011Premise) permits an authenticated user to delete files on the underlying operating system and perform other file\u2011related operations. The flaw does not affect data confidentiality, has a low impact on integrity, and a low impact on application availability.", "risk_and_exploitability": "The CVSS score of 4.9 indicates low severity, and the EPSS score is unavailable while the vulnerability is not listed in the CISA KEV catalog. The attack requires a valid authenticated session; an attacker with user credentials can exploit the missing check to delete or modify operating system files, potentially disrupting system integrity or availability. The overall risk remains low, but the lack of confidentiality compromise limits immediate exposure."}}}}, "created": "2026-04-14T16:16:33.341656+00:00", "updated": "2026-04-14T16:31:30.067603+00:00", "vendors": ["sap", "sap$PRODUCT$s/4hana"]}