Unrated severityNVD Advisory· Published Mar 10, 2026· Updated Mar 10, 2026

Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal

CVE-2026-27687

Description

Due to missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal, a user with high privileges could access sensitive data belonging to another company. This vulnerability has a high impact on confidentiality and does not affect integrity and availability.

Affected products

SAP/S/4HANA HCM Portugalllm-create
SAP/ERP HCM Portugalllm-create
SAP_SE/SAP S/4HANA HCM Portugal and SAP ERP HCM Portugalv5
Range: S4HCMCPT 100

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

me.sap.com/notes/3701020mitre
url.sap/sapsecuritypatchdaymitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000