CVE-2026-0503 in ERP Central Component and S4HANAinformação

Sumário

de MITRE • 13/01/2026

Due to missing authorization check in the SAP ERP Central Component (SAP ECC) and SAP S/4HANA (SAP EHS Management), an attacker could extract hardcoded clear-text credentials and bypass the password authentication check by manipulating user parameters. Upon successful exploitation, the attacker can access, modify or delete certain change pointer information within EHS objects in the application which might further affect the subsequent systems. This vulnerability leads to a low impact on confidentiality and integrity of the application with no affect on the availability.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

Sap

Reservar

09/12/2025

Divulgação

13/01/2026

Moderação

aceite

Entrada

VDB-340523

CPE

pronto

CWE

CWE-862 (confirmado)

CVSS

6.4 (CNA)

EPSS

0.00071

KEV

não

Atividades

muito baixo

Sector

Energy, Transportation, ...

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-0503
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-0503
CVE Details	https://www.cvedetails.com/cve/CVE-2026-0503/

◂ Voltar Visão Geral Próximo ▸

Interested in the pricing of exploits?

See the underground prices here!