Cyber Posture

CVE-2026-0507

Severity: High
Published: 13 January 2026
Modified: 15 April 2026
KEV Added: not listed (not in the CISA KEV catalog)
CVSS Score: 8.4 (CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0138 (80.5th percentile)
Risk Priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-0507 is a high-severity OS Command Injection (CWE-78) vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK (the vendor is inferred from the references, since NVD filed no CPE). Its CVSS v3.1 base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its EPSS score places it in the top 19.5% of CVEs by exploit likelihood, but it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and Command and Scripting Interpreter (T1059). What defenders deploy: the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): directly addresses the insufficient input validation that enables the OS command injection, by requiring uploaded content to be validated before the application processes it. Validation here means allow-listing the expected format and content, not stripping known-bad characters; a deny-list is what command injection filters routinely get past.

SI-2 Flaw Remediation (prevent): ensures timely application of the SAP patches specified in the advisory, removing the specific flaw that causes the command injection.

SI-9 (prevent): restricts the types and formats of uploaded content to known safe inputs, limiting an attacker's ability to upload specially crafted payloads. Caveat: SI-9 (Information Input Restrictions) is withdrawn in 800-53 r5, its content having been incorporated into AC-2, AC-3, AC-5 and AC-6; when mapping to r5, cite AC-6 (least privilege over who may upload) together with SI-10 (what may be uploaded) instead.

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1059 Command and Scripting Interpreter (tactic: Execution)
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

The OS command injection lets an attacker who already holds an application administrator account run arbitrary operating system commands in the context of the application server, an escalation from application-level to OS-level privilege (T1068); the injected payload itself is executed through an OS command interpreter (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables execution of arbitrary operating system commands. Successful exploitation could lead to full compromise of the system's confidentiality, integrity, and availability.

Deeper analysis

CVE-2026-0507 is an OS Command Injection vulnerability (CWE-78) affecting SAP Application Server for ABAP and SAP NetWeaver RFCSDK. Published on 2026-01-13, it carries a CVSS v3.1 base score of 8.4 (AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). The flaw arises from insufficient input validation, allowing specially crafted content to be processed by the application and trigger arbitrary operating system command execution.

An authenticated attacker with administrative privileges and adjacent network access can exploit this vulnerability by uploading malicious content to the server. If the application processes this content, the attacker achieves remote code execution, potentially leading to full compromise of the system's confidentiality, integrity, and availability.
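The mechanism the two paragraphs above and the SI-10 control describe, a field from uploaded content reaching an OS shell unvalidated, is shown below as an added, generic illustration. It is not SAP's code: the actual vulnerable code path in SAP Application Server for ABAP or NetWeaver RFCSDK is not published on this page, so the upload directory /srv/uploads, the gzip integrity check and the filename field are all assumed. The block puts the vulnerable construction beside the SI-10 style fix (allow-list validation plus an argv list with no shell) and tokenises the vulnerable command line the way a POSIX shell would, so the extra command an injected name produces is visible.

```python
"""CWE-78 upload-name handling: vulnerable pattern beside its fix.
Added example, not SAP code; paths and the gzip check are assumed."""
import re
import shlex
from pathlib import PurePosixPath

UPLOAD_DIR = PurePosixPath("/srv/uploads")        # assumed location
# Allow-list: first char alphanumeric or underscore (so no leading '-',
# which a tool would read as an option), then a bounded set of filename
# characters. No '/', no whitespace, no shell metacharacters.
SAFE_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}")


def build_command_vulnerable(upload_name: str) -> str:
    """The bug: an attacker-controlled name interpolated into a shell
    string that would then go to system() / subprocess with shell=True."""
    return f"gzip -t {UPLOAD_DIR}/{upload_name}"


def shell_commands(cmdline: str) -> list[list[str]]:
    """Tokenise a command line as a POSIX shell would and split it at
    control operators (; | & and friends), returning one argv per command
    so the number of commands that would run can be checked."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    commands, current = [], []
    for tok in lexer:
        if tok and set(tok) <= set(lexer.punctuation_chars):
            if current:
                commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


def validate_upload_name(upload_name: str) -> str:
    """SI-10 style check: reject anything outside the allow-list instead of
    trying to strip or escape dangerous characters."""
    if not SAFE_NAME.fullmatch(upload_name):
        raise ValueError(f"rejected upload name: {upload_name!r}")
    return upload_name


def build_command_hardened(upload_name: str) -> list[str]:
    """The fix: validated name, argv list, no shell. Hand the result to
    subprocess.run(argv) (shell=False is the default) so no shell parser
    ever sees the value, even if validation is later loosened."""
    name = validate_upload_name(upload_name)
    return ["gzip", "-t", str(UPLOAD_DIR / name)]


def demo() -> dict:
    """Run both builders over a benign name and a constructed payload."""
    benign, payload = "report.txt", "report.txt; id"   # constructed inputs
    out = {
        "vulnerable_benign": shell_commands(build_command_vulnerable(benign)),
        "vulnerable_payload": shell_commands(build_command_vulnerable(payload)),
        "hardened_benign": build_command_hardened(benign),
    }
    try:
        build_command_hardened(payload)
        out["hardened_payload"] = "accepted"
    except ValueError as err:
        out["hardened_payload"] = str(err)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The vulnerable builder turns `report.txt; id` into two shell commands; the hardened builder never produces a shell string at all, and the allow-list also rejects names such as `-rf` or `../etc/passwd`, which would otherwise be option injection and path traversal rather than command injection.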

SAP advisories provide mitigation details, including patches available via SAP Security Patch Day at https://url.sap/sapsecuritypatchday and specific guidance in SAP Note 3675151 at https://me.sap.com/notes/3675151. Security practitioners should apply these updates promptly to affected systems.

Details

CWE(s)

CWE-78 OS Command Injection

Affected Products

SAP Application Server for ABAP; SAP NetWeaver RFCSDK
Vendor and products inferred from the references and description; NVD did not file a CPE for this CVE.

CVEs Like This One

CVE-2025-33234 (shared CWE-78)
CVE-2025-24377 (shared CWE-78)
CVE-2024-48890 (shared CWE-78)
CVE-2026-1427 (shared CWE-78)
CVE-2026-3692 (shared CWE-78)
CVE-2026-5707 (shared CWE-78)
CVE-2025-70828 (shared CWE-78)
CVE-2025-66203 (shared CWE-78)
CVE-2025-1265 (shared CWE-78)
CVE-2026-21418 (shared CWE-78)
