CVE-2026-0485
Published: 10 February 2026
Summary
CVE-2026-0485 is a high-severity Amplification (CWE-405) vulnerability in Sap Businessobjects Business Intelligence Platform. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 19.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-0485 is a vulnerability in the SAP BusinessObjects BI Platform that affects the Content Management Server (CMS). It enables an unauthenticated attacker to send specially crafted requests, causing the CMS to crash and automatically restart. Repeated exploitation leads to persistent service disruption, making the CMS completely unavailable and resulting in high impact on availability, with no effects on confidentiality or integrity. The issue is associated with CWE-405 and has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
An unauthenticated attacker with network access can exploit this vulnerability remotely, requiring low complexity and no user interaction or privileges. Successful attacks allow the attacker to crash the CMS repeatedly, inducing a denial-of-service condition that renders the service unavailable.
SAP provides mitigation guidance in its security advisories, including a dedicated security note at https://me.sap.com/notes/3678282 and details on the SAP Security Patch Day at https://url.sap/sapsecuritypatchday.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-6884
Vulnerability details
SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart. By repeatedly submitting these requests, the attacker could induce a persistent service disruption, rendering…
more
the CMS completely unavailable. Successful exploitation results in a high impact on availability, while confidentiality and integrity remain unaffected.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated crash of public-facing CMS directly enables T1190 (exploit public-facing app) for initial access and T1499.004 (application/system exploitation) for repeated DoS via crash/restart loops.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Flaw remediation directly mitigates the vulnerability by applying SAP patches from security note 3678282 to prevent CMS crashes from specially crafted requests.
Denial-of-service protection implements mechanisms like rate limiting to block repeated crash-inducing requests from unauthenticated attackers.
Information input validation ensures specially crafted requests are rejected before they can cause the CMS to crash and restart.