Cyber Resilience

CVE-2026-0485

HighDDoS

Published: 10 February 2026

Published
10 February 2026
Modified
17 February 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0006 19.9th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-0485 is a high-severity Amplification (CWE-405) vulnerability in Sap Businessobjects Business Intelligence Platform. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 19.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-0485 is a vulnerability in the SAP BusinessObjects BI Platform that affects the Content Management Server (CMS). It enables an unauthenticated attacker to send specially crafted requests, causing the CMS to crash and automatically restart. Repeated exploitation leads to persistent service disruption, making the CMS completely unavailable and resulting in high impact on availability, with no effects on confidentiality or integrity. The issue is associated with CWE-405 and has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

An unauthenticated attacker with network access can exploit this vulnerability remotely, requiring low complexity and no user interaction or privileges. Successful attacks allow the attacker to crash the CMS repeatedly, inducing a denial-of-service condition that renders the service unavailable.

SAP provides mitigation guidance in its security advisories, including a dedicated security note at https://me.sap.com/notes/3678282 and details on the SAP Security Patch Day at https://url.sap/sapsecuritypatchday.

EU & UK References

Vulnerability details

SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart. By repeatedly submitting these requests, the attacker could induce a persistent service disruption, rendering…

more

the CMS completely unavailable. Successful exploitation results in a high impact on availability, while confidentiality and integrity remain unaffected.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Remote unauthenticated crash of public-facing CMS directly enables T1190 (exploit public-facing app) for initial access and T1499.004 (application/system exploitation) for repeated DoS via crash/restart loops.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-0490Same product: Sap Businessobjects Business Intelligence Platform
CVE-2026-0508Same product: Sap Businessobjects Business Intelligence Platform
CVE-2025-0061Same product: Sap Businessobjects Business Intelligence Platform
CVE-2025-0064Same product: Sap Businessobjects Business Intelligence Platform
CVE-2025-53633Shared CWE-405
CVE-2026-23689Same vendor: Sap
CVE-2024-11187Shared CWE-405
CVE-2026-24322Same vendor: Sap
CVE-2026-0488Same vendor: Sap
CVE-2025-0066Same vendor: Sap

Affected Assets

sap
businessobjects business intelligence platform
2025, 2027, 430

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Flaw remediation directly mitigates the vulnerability by applying SAP patches from security note 3678282 to prevent CMS crashes from specially crafted requests.

prevent

Denial-of-service protection implements mechanisms like rate limiting to block repeated crash-inducing requests from unauthenticated attackers.

prevent

Information input validation ensures specially crafted requests are rejected before they can cause the CMS to crash and restart.

References