Cyber Resilience

CVE-2026-24322

Severity: High
Published: 10 February 2026
Modified: 17 February 2026
KEV added: not listed
Patch: available (SAP Note 3705882)
CVSS v3.1: 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
EPSS: 0.0004 (14.1th percentile)
Risk Priority: 15 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-24322 is a high-severity Missing Authorization (CWE-862) vulnerability in the SAP Solution Tools Plug-In (ST-PI). Its CVSS v3.1 base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability is ranked at the 14.1th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-24322 affects the SAP Solution Tools Plug-In (ST-PI), where a function module fails to perform the necessary authorization checks for authenticated users, enabling the disclosure of sensitive information. Published on 2026-02-10, this vulnerability is classified under CWE-862 (Missing Authorization) and carries a CVSS v3.1 base score of 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N): high impact on confidentiality, no impact on integrity or availability, and a changed scope (S:C).

Low-privileged authenticated users can exploit this vulnerability remotely over the network with low attack complexity and no user interaction required. Because the scope is changed (S:C), successful exploitation can affect resources beyond the vulnerable component itself, resulting in high confidentiality impact and potentially exposing sensitive data reachable through the affected function module.
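The weakness class described above is easiest to see in code. The following ABAP function module is an added illustration written for this page; it is not ST-PI code and does not reproduce the affected SAP function module, whose name the advisory does not give. The function module name Z_READ_SENSITIVE_DATA, the authorization object Z_SENS_DATA and the table ZSENS_TABLE are all hypothetical. It shows the CWE-862 shape (data returned to any authenticated caller) as a comment, followed by the hardened form that enforces an explicit AUTHORITY-CHECK and fails closed.

```abap
*&---------------------------------------------------------------------*
*& Hypothetical function module (example only, not ST-PI code).
*& Z_READ_SENSITIVE_DATA, authorization object Z_SENS_DATA (single
*& field ACTVT) and table ZSENS_TABLE are assumed names.
*&---------------------------------------------------------------------*
FUNCTION z_read_sensitive_data.
*"----------------------------------------------------------------------
*"*"Local Interface:
*"  IMPORTING
*"     VALUE(iv_record_key) TYPE string
*"  EXPORTING
*"     VALUE(ev_payload) TYPE string
*"  EXCEPTIONS
*"     not_authorized
*"----------------------------------------------------------------------

  " --- CWE-862 shape (shown for contrast, not executed): the module
  "     reads and returns the record for any caller who managed to log
  "     on. Authentication alone is treated as authorization.
  "
  "   SELECT SINGLE payload FROM zsens_table
  "     INTO ev_payload
  "     WHERE record_key = iv_record_key.

  " --- Hardened shape: check the caller's authorization before any
  "     data access. ACTVT '03' is the standard "display" activity.
  AUTHORITY-CHECK OBJECT 'Z_SENS_DATA'
    ID 'ACTVT' FIELD '03'.
  IF sy-subrc <> 0.
    " Fail closed: no partial data, and the caller (local or RFC)
    " receives the classic exception instead of an empty payload.
    RAISE not_authorized.
  ENDIF.

  SELECT SINGLE payload FROM zsens_table
    INTO ev_payload
    WHERE record_key = iv_record_key.
  IF sy-subrc <> 0.
    CLEAR ev_payload.
  ENDIF.

ENDFUNCTION.
```

Two points are worth noting for reviewers of similar modules. First, if the module is remote-enabled, the S_RFC authorization object only governs whether a user may call the function group at all; it says nothing about which records the user may read, so the data-level check inside the module is still required. Second, a failing AUTHORITY-CHECK is visible after the fact in the user's SU53 display and in the authorization trace of ST01, which is where a defender would look when validating that a patched module now enforces the check.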

SAP advisories, including Note 3705882 available at https://me.sap.com/notes/3705882 and details from the SAP Security Patch Day at https://url.sap/sapsecuritypatchday, provide guidance on mitigation, such as applying relevant patches to address the missing authorization checks.


Vulnerability details

SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality and does not affect integrity or availability.

CWE(s): CWE-862 Missing Authorization

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1190 Exploit Public-Facing Application (Initial Access): adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Missing authorization checks (CWE-862) in a network-accessible SAP component directly enable remote exploitation by low-privileged users to obtain sensitive data, matching the definition of T1190 Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-0509 (same vendor: SAP)
CVE-2026-0506 (same vendor: SAP)
CVE-2026-0488 (same vendor: SAP)
CVE-2026-0490 (same vendor: SAP)
CVE-2026-0508 (same vendor: SAP)
CVE-2026-45209 (shared CWE-862)
CVE-2025-0066 (same vendor: SAP)
CVE-2026-25026 (shared CWE-862)
CVE-2026-23687 (same vendor: SAP)
CVE-2026-42083 (shared CWE-862)

Affected Assets

Vendor: SAP
Product: Solution Tools Plug-In (ST-PI)
Versions: 2008_1_700, 2008_1_710, 740, 758

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

AC-3 Access Enforcement (prevent): AC-3 mandates enforcement of approved authorizations for access to information and resources, directly mitigating the missing authorization checks in the ST-PI function module that enable sensitive data disclosure.

AC-6 Least Privilege (prevent): AC-6 enforces least privilege restrictions, reducing the potential impact by limiting low-privileged users' access to sensitive information exploitable via the vulnerable function module.

SI-2 Flaw Remediation (prevent): SI-2 requires timely identification, reporting, and correction of system flaws, such as applying the SAP patch from Note 3705882 to remediate the missing authorization vulnerability.

References

SAP Note 3705882: https://me.sap.com/notes/3705882
SAP Security Patch Day: https://url.sap/sapsecuritypatchday