CVE-2026-0492

Published: Jan 13, 2026Modified: Jan 27, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: CNA

Description

SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid credentials of any user to switch to another user potentially gaining administrative access. This exploit could result in a total compromise of the system�s confidentiality, integrity, and availability.

Affected (1)

Products: Sap: Hana Database

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Hana Database	Version 2.00

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

https://me.sap.com/notes/3691059

Source: cna@sap.com

Permissions Required

https://url.sap/sapsecuritypatchday

Source: cna@sap.com

Patch

Timeline

No history available yet.