CVE-2026-44750

Vulnerability

SAP MDG (Master Data Governance) versions prior to the patch released on the second Tuesday of June 2026 do not perform adequate authorization checks within the Review Match Groups Application. This vulnerability allows authenticated users with low privileges to access functionalities that should be restricted.

Exploitation

An attacker with existing low-privileged authenticated access to the SAP MDG system can exploit this vulnerability by interacting with the Review Match Groups Application. No specific user interaction or special configuration is mentioned as required beyond authenticated access.

Impact

Successful exploitation of this vulnerability allows a low-privileged user to escalate their privileges within the SAP MDG system. The vulnerability has a low impact on data integrity, while confidentiality and availability are not impacted.

Mitigation

SAP released security corrections for this vulnerability on their Security Patch Day in June 2026. Customers are advised to implement the relevant SAP Security Notes as soon as possible. Specific details on the fixed version and release date are available via SAP Security Notes in SAP for Me [1].