{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T21:03:21.279","vulnerabilities":[{"cve":{"id":"CVE-2026-0509","sourceIdentifier":"cna@sap.com","published":"2026-02-10T04:16:02.357","lastModified":"2026-02-17T16:04:59.500","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the confidentiality of the application."},{"lang":"es","value":"SAP NetWeaver Servidor de Aplicaciones ABAP y Plataforma ABAP permite a un usuario autenticado y con bajos privilegios realizar llamadas a funciones remotas en segundo plano sin la autorización S_RFC requerida en ciertos casos. Esto puede resultar en un alto impacto en la integridad y disponibilidad, y ningún impacto en la confidencialidad de la aplicación."}],"metrics":{"cvssMetricV31":[{"source":"cna@sap.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":5.8}]},"weaknesses":[{"source":"cna@sap.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_as_abap_kernel:7.22:*:*:*:*:*:*:*","matchCriteriaId":"FE603A80-8FF0-4180-9E11-C468AE2441C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_as_abap_kernel:7.53:*:*:*:*:*:*:*","matchCriteriaId":"7EB97250-22A3-4BA6-8498-59ED0E81E3CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_as_abap_kernel:7.54:*:*:*:*:*:*:*","matchCriteriaId":"7F5D31D3-B2B2-4347-B8DF-D06056289598"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_as_abap_kernel:7.77:*:*:*:*:*:*:*","matchCriteriaId":"50570852-982E-40CA-B391-3FB8B9373F78"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_as_abap_kernel:7.89:*:*:*:*:*:*:*","matchCriteriaId":"B8B74AD9-A83E-45DD-96C2-4F3C8C8C6AE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_as_abap_kernel:7.93:*:*:*:*:*:*:*","matchCriteriaId":"237DBA4A-B5A9-48C9-B6A3-D293BB66EF69"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_as_abap_kernel:9.16:*:*:*:*:*:*:*","matchCriteriaId":"3668B2D9-0A4C-43F5-B248-9A6438AF7D71"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_as_abap_kernel:9.18:*:*:*:*:*:*:*","matchCriteriaId":"1BC9779B-7571-44F7-BCCC-6BF2834ED779"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_as_abap_kernel:9.19:*:*:*:*:*:*:*","matchCriteriaId":"D243C94B-F182-48A0-9775-4B193B913B8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_as_abap_krnl64nuc:7.22:*:*:*:*:*:*:*","matchCriteriaId":"02507EB2-8776-4EA9-9164-B2F6AD911B59"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_as_abap_krnl64nuc:7.22ext:*:*:*:*:*:*:*","matchCriteriaId":"7867ADA5-47AA-48DD-9CAC-D3ACB5713CB3"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_as_abap_krnl64uc:7.22:*:*:*:*:*:*:*","matchCriteriaId":"B5E3292A-7311-4821-A52E-8FB4A1449D44"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_as_abap_krnl64uc:7.22ext:*:*:*:*:*:*:*","matchCriteriaId":"171A52A4-8383-47D9-89D4-FC44CA84DA49"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_as_abap_krnl64uc:7.53:*:*:*:*:*:*:*","matchCriteriaId":"B1190FF1-8D50-4424-AE21-6AE562D5C6B1"}]}]}],"references":[{"url":"https://me.sap.com/notes/3674774","source":"cna@sap.com","tags":["Permissions Required"]},{"url":"https://url.sap/sapsecuritypatchday","source":"cna@sap.com","tags":["Vendor Advisory"]}]}}]}