CVE-2026-34256
Published: 14 April 2026
Summary
CVE-2026-34256 is a high-severity Missing Authorization (CWE-862) vulnerability in Sap (inferred from references). Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Stored Data Manipulation (T1565.001); ranked at the 12.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces approved authorizations for logical access to system resources, directly mitigating the missing authorization check that allows authenticated attackers to execute ABAP reports and overwrite others.
Requires identification, reporting, and correction of system flaws like this missing authorization vulnerability through timely patching as provided in SAP security note 3731908.
Employs least privilege to restrict low-privileged authenticated users from performing unauthorized high-impact actions such as overwriting executable ABAP reports.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The missing authorization check directly enables an authenticated attacker to overwrite executable ABAP reports, facilitating stored data manipulation to disrupt functionality and availability.
NVD Description
Due to a missing authorization check in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise), an authenticated attacker could execute a particular ABAP report to overwrite any existing eight?character executable ABAP report without authorization. If the overwritten report is…
more
subsequently executed, the intended functionality could become unavailable. Successful exploitation impacts availability, with a limited impact on integrity confined to the affected report, while confidentiality remains unaffected.
Deeper analysisAI
CVE-2026-34256 is a missing authorization check vulnerability, classified under CWE-862, affecting SAP ERP and SAP S/4HANA in Private Cloud and On-Premise deployments. Published on 2026-04-14, the flaw stems from inadequate checks that allow an authenticated attacker to execute a specific ABAP report, enabling the overwriting of any existing eight-character executable ABAP report without proper authorization. This issue carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).
An authenticated attacker with low privileges can exploit this vulnerability remotely over the network with low attack complexity and no user interaction required. By executing the vulnerable ABAP report, the attacker can overwrite a targeted eight-character ABAP report, which, if subsequently run, disrupts its intended functionality and renders it unavailable. Exploitation primarily impacts availability at a high level, with limited integrity effects confined to the overwritten report and no confidentiality impact.
SAP advisories provide mitigation through security note 3731908 at https://me.sap.com/notes/3731908, released as part of SAP Security Patch Day detailed at https://url.sap/sapsecuritypatchday. Security practitioners should review and apply these patches promptly to affected systems.
Details
- CWE(s)