CVE-2026-44744
Description
SAP S/4HANA (On-Premise) has an SQL injection vulnerability in a remote-enabled function module, allowing authenticated attackers to execute unauthorized database queries and expose sensitive data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SAP S/4HANA (On-Premise) has an SQL injection vulnerability in a remote-enabled function module, allowing authenticated attackers to execute unauthorized database queries and expose sensitive data.
Vulnerability
SAP S/4HANA (On-Premise) contains an SQL injection vulnerability within a remote-enabled function module component. This flaw allows for the execution of unauthorized database queries.
Exploitation
An authenticated attacker can exploit this vulnerability by leveraging the remote-enabled function module to execute unauthorized database queries. This requires the attacker to have authenticated access to the system.
Impact
Successful exploitation of this vulnerability exposes sensitive information to which the attacker should not otherwise have access. The vulnerability has a high impact on data confidentiality, with no impact on the integrity or availability of the application.
Mitigation
SAP releases security corrections as SAP Security Notes on its regular SAP Security Patch Day, scheduled for the second Tuesday of every month [1]. Customers are recommended to implement these corrections at a priority. Specific details regarding the fixed version and release date for CVE-2026-44744 are not yet disclosed in the available references.
AI Insight generated on Jun 9, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
2News mentions
1- SAP: Twelve Vulnerabilities Disclosed Together on June 9, 2026Vypr Intelligence · Jun 9, 2026