CVE-2026-27687

MEDIUM EPSS 17.5%

Published Mar 10, 20263mo ago · Modified Jun 17, 20261w ago

5.8 CVSS 3.1

Medium

Published Mar 10, 2026 3mo ago

Last Modified Jun 17, 2026 1w ago

Description

Due to missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal, a user with high privileges could access sensitive data belonging to another company. This vulnerability has a high impact on confidentiality and does not affect integrity and availability.

CVSS Details

Base Score

5.8

Exploitability

1.3

Impact

4.0

Vector string

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

Attack Vector Network

Attack Complexity High

Privileges Required High

User Interaction None

Scope Changed

Confidentiality High

Integrity None

Availability None

Threat Intelligence

EPSS Exploit Probability

17.5% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-862 Missing Authorization Authorization

References 2

me.sap.com https://me.sap.com/notes/3701020
url.sap https://url.sap/sapsecuritypatchday

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.