CVE-2026-27671

CRITICAL

Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high impact on the confidentiality, integrity, and availability of the application.

CVSS v3.1 Score

9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Complexity
LOW
Privileges
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Published: 6/9/2026Modified: 6/9/2026

Related Intelligence (2)

CRITICALZero Day

June Patch Tuesday marks a ‘new normal’ with over 200 CVEs, 32 rated ‘critical’

June’s Patch Tuesday security updates have arrived, with SAP fixing four critical vulnerabilities and Microsoft addressing over 200 CVEs. Microsoft’s to-do list includes fixes for three zero days, 32 patches rated as ‘critical’, and a batch of other high-risk vulnerabilities that need urgent assessment. There’s also one older flaw under exploit, and some patches affecting enterprise products for w

CVE-2026-45586CVE-2026-50507
CSO Online
CRITICALVulnerability

NVD CRITICAL: CVE-2026-27671 — Due to improper RFC protocol validation in the SAP Kernel used by the Applicatio...

Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high impact on the confidentiality, integrity, and availability of the application.

CVE-2026-27671
NIST NVD

References (2)

https://me.sap.com/notes/3717897https://url.sap/sapsecuritypatchday