Cyber Resilience

CVE-2026-0507

High

Published: 13 January 2026

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v3.1: 8.4 (CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0088 (54.4th percentile)
Risk Priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-0507 is a high-severity OS Command Injection (CWE-78) vulnerability in SAP (vendor inferred from references). Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 45.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-0507 is an OS command injection vulnerability, tracked under CWE-78, that affects SAP Application Server for ABAP and SAP NetWeaver RFCSDK. An authenticated attacker with administrative privileges and adjacent network access can upload specially crafted content that, when processed by the application, results in execution of arbitrary operating system commands and full compromise of system confidentiality, integrity, and availability. The issue carries a CVSS 3.1 score of 8.4.

An attacker positioned on an adjacent network who already possesses administrative credentials can supply malicious content to the server; successful processing of that content grants the ability to run arbitrary OS commands, enabling complete control over the affected SAP system.

SAP has published mitigation guidance in note 3675151 and addressed the issue as part of its security patch day release cycle. The associated EPSS score remains low, with a current value of 0.0138 and a recorded peak of 0.0184.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables execution of arbitrary operating system commands. Successful exploitation could lead to full compromise of the system's confidentiality, integrity, and availability.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1059 Command and Scripting Interpreter (tactic: Execution)
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

The OS command injection vulnerability directly enables exploitation for privilege escalation (T1068), moving from application administrator to OS-level remote code execution, and facilitates abuse of command and scripting interpreters (T1059) for arbitrary OS command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-24377 (shared CWE-78)
CVE-2025-33234 (shared CWE-78)
CVE-2024-48890 (shared CWE-78)
CVE-2026-3692 (shared CWE-78)
CVE-2025-66203 (shared CWE-78)
CVE-2026-1427 (shared CWE-78)
CVE-2025-1265 (shared CWE-78)
CVE-2025-70828 (shared CWE-78)
CVE-2026-5707 (shared CWE-78)
CVE-2025-52626 (shared CWE-78)

Affected Assets

SAP (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent: SI-10 directly addresses the insufficient input validation that enables the OS command injection by requiring validation of uploaded content before processing.

prevent: SI-2 ensures timely application of the SAP patches specified in the advisory, remediating the specific flaw that causes the command injection vulnerability.

prevent: SI-9 restricts the types and formats of uploaded content to known safe inputs, mitigating the ability to upload specially crafted malicious payloads.

References