{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T14:18:50.622","vulnerabilities":[{"cve":{"id":"CVE-2026-24317","sourceIdentifier":"cna@sap.com","published":"2026-03-10T17:35:56.040","lastModified":"2026-03-11T13:53:47.157","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"SAP GUI for Windows allows DLL files to be loaded from arbitrary directories within the application. An unauthenticated attacker could exploit this vulnerability by persuading a victim to place a malicious DLL within one of these directories. The malicious command is executed in the victim user's context provided GuiXT is enabled. This vulnerability has a low impact on confidentiality, integrity, and availability."},{"lang":"es","value":"SAP GUI para Windows permite que los archivos DLL se carguen desde directorios arbitrarios dentro de la aplicación. Un atacante no autenticado podría explotar esta vulnerabilidad persuadiendo a una víctima para que coloque un DLL malicioso dentro de uno de estos directorios. El comando malicioso se ejecuta en el contexto del usuario víctima siempre que GuiXT esté habilitado. Esta vulnerabilidad tiene un bajo impacto en la confidencialidad, integridad y disponibilidad."}],"metrics":{"cvssMetricV31":[{"source":"cna@sap.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":3.4}]},"weaknesses":[{"source":"cna@sap.com","type":"Primary","description":[{"lang":"en","value":"CWE-427"}]}],"references":[{"url":"https://me.sap.com/notes/3699761","source":"cna@sap.com"},{"url":"https://url.sap/sapsecuritypatchday","source":"cna@sap.com"}]}}]}