VYPR
Critical severity 9.8 · NVD Advisory · Published Jun 9, 2026 · Updated Jun 9, 2026

CVE-2026-27671

Description

SAP NetWeaver and ABAP Platform are vulnerable to memory corruption via crafted RFC requests due to improper protocol validation, allowing unauthenticated attackers to impact confidentiality, integrity, and availability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Improper RFC protocol validation in the SAP Kernel, which is used by Application Server ABAP in SAP NetWeaver and ABAP Platform, allows memory corruption caused by logical errors in memory management.

Exploitation

An unauthenticated attacker can exploit this vulnerability by sending a crafted RFC request. The attacker does not require any special privileges or user interaction, and the vulnerability is present in the core SAP Kernel.

Impact

Successful exploitation of this vulnerability can lead to a high impact on the confidentiality, integrity, and availability of the affected SAP application. This includes potential data breaches, unauthorized modifications, and service disruptions.

Mitigation

SAP releases security corrections as SAP Security Notes on a regular basis, typically on the second Tuesday of every month [1]. Customers are advised to implement these corrections with priority. Specific patch details for this vulnerability are not yet disclosed in the available references, but SAP generally provides fixes for Support Packages shipped within the last 24 months for versions under Mainstream Maintenance and Extended Maintenance [1].

AI Insight generated on Jun 9, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

2

News mentions

1