CVE-2026-27673

Vulnerability

Overview

CVE-2026-27673 describes a missing authorization check in SAP S/4HANA (Private Cloud and On-Premise) that permits an authenticated user to delete files on the underlying operating system. The root cause is the absence of proper access controls for file deletion operations, allowing users to perform actions beyond their intended privileges.

Exploitation

Prerequisites

An attacker must have valid authentication credentials for the SAP S/4HANA system. No special network position is required beyond normal user access. The vulnerability can be exploited by sending crafted requests that bypass authorization checks, enabling the deletion of arbitrary files on the OS.

Impact

According to the official description, exploitation results in no impact on confidentiality, but low impact on both integrity and availability. This means an attacker can delete files, potentially causing data loss or service disruption, though the scope is limited.

Mitigation

SAP has addressed this issue in its regular Security Patch Day. Users are advised to apply the relevant security note as soon as possible to prevent exploitation [1]. No workarounds have been published.