CVE-2026-34262 - Vulnerability Details - OpenCVE

Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00025.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Sap Subscribe	Hana Cockpit Subscribe Hana Database Explorer Subscribe

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Sap Subscribe	Hana Cockpit Subscribe Hana Database Explorer Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://me.sap.com/notes/3730639
https://url.sap/sapsecuritypatchday

History

Tue, 14 Apr 2026 16:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Sap Sap hana Cockpit Sap hana Database Explorer
Vendors & Products		Sap Sap hana Cockpit Sap hana Database Explorer

Tue, 14 Apr 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 14 Apr 2026 01:15:00 +0000

Type	Values Removed	Values Added
Description		Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer
Title		Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer
Weaknesses		CWE-522
References		https://me.sap.com/notes/3730639 https://url.sap/sapsecuritypatchday
Metrics		cvssV3_1 `{'score': 5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: sap

Published: 2026-04-14T00:09:03.364Z

Updated: 2026-04-14T13:14:17.275Z

Reserved: 2026-03-26T19:02:45.983Z

Link: CVE-2026-34262

Vulnrichment

Updated: 2026-04-14T13:08:57.395Z

NVD

Status : Received

Published: 2026-04-14T01:16:04.050

Modified: 2026-04-14T01:16:04.050

Link: CVE-2026-34262

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-14T16:31:15Z

Weaknesses

CWE-522

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34262", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2026-03-26T19:02:45.983Z", "datePublished": "2026-04-14T00:09:03.364Z", "dateUpdated": "2026-04-14T13:14:17.275Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-04-14T00:09:03.364Z"}, "title": "Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer", "problemTypes": [{"descriptions": [{"lang": "eng", "cweId": "CWE-522", "description": "CWE-522: Insufficiently Protected Credentials", "type": "CWE"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP HANA Cockpit and HANA Database Explorer", "versions": [{"status": "affected", "version": "SAP_HANA_COCKPIT 2.0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer</p>"}]}], "references": [{"url": "https://me.sap.com/notes/3730639"}, {"url": "https://url.sap/sapsecuritypatchday"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34262", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T12:53:11.415883Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T13:14:17.275Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34262", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T12:53:11.415883Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T13:08:57.395Z"}}], "cna": {"title": "Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP HANA Cockpit and HANA Database Explorer", "versions": [{"status": "affected", "version": "SAP_HANA_COCKPIT 2.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3730639"}, {"url": "https://url.sap/sapsecuritypatchday"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer", "supportingMedia": [{"type": "text/html", "value": "<p>Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "eng", "type": "CWE", "cweId": "CWE-522", "description": "CWE-522: Insufficiently Protected Credentials"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-04-14T00:09:03.364Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34262", "state": "PUBLISHED", "dateUpdated": "2026-04-14T13:14:17.275Z", "dateReserved": "2026-03-26T19:02:45.983Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2026-04-14T00:09:03.364Z", "assignerShortName": "sap"}, "dataVersion": "5.2"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "SAP_HANA_COCKPIT 2.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "SAP HANA Cockpit and HANA Database Explorer", "source": "cna", "vendor": "SAP_SE"}, "product": "hana_cockpit", "vendor": "sap"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "SAP_HANA_COCKPIT 2.0"}}], "original": {"product": "SAP HANA Cockpit and HANA Database Explorer", "source": "cna", "vendor": "SAP_SE"}, "product": "hana_database_explorer", "vendor": "sap"}], "analysis": {"en": {"generated_at": "2026-04-14T04:20:37.510257+00:00", "value": {"mitigation_remediation": ["Apply the update provided in SAP note 3730639 to both HANA Cockpit and HANA Database Explorer.", "Restrict network access to the cockpit and explorer interfaces so that only trusted users can reach them.", "Verify after patching that the disclosed information has been properly secured; review logs for any residual data exposure."], "summary": {"action": "Patch Now", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "The affected products are SAP HANA Cockpit and the HANA Database Explorer, both part of SAP\u2019s HANA platform. The advisory does not list specific version numbers, implying that any deployment of these services could be vulnerable unless confirmed patched.", "description_and_impact": "A flaw in SAP HANA Cockpit and the HANA Database Explorer allows an attacker to obtain sensitive information that should be restricted. The weakness is classified as CWE\u2011522, indicating that confidential data can be accessed without proper authorization. Potentially exposed information could include configuration settings, access credentials, or other privileged details that compromise confidentiality of the system.", "risk_and_exploitability": "The CVSS base score of 5.0 reflects moderate severity. Because exploitation data is not available, and the vulnerability is not listed in known exploited vulnerability catalogs, widespread attacks have not been reported. The likely attack path is remote access via the web interfaces of the cockpit and explorer, though the precise conditions required to exploit the issue are not detailed in the advisory and are inferred rather than explicitly confirmed."}}}}, "created": "2026-04-14T16:16:19.342427+00:00", "updated": "2026-04-14T16:31:15.846038+00:00", "vendors": ["sap", "sap$PRODUCT$hana_cockpit", "sap$PRODUCT$hana_database_explorer"]}