CVE-2026-27671
CriticalCVSS 9.8Summary
Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption.
Risk Assessment
This could lead to a high impact on the confidentiality, integrity, and availability of the application, posing a risk to the organization.
Recommendation
It is recommended to update to the latest version of SAP to patch this vulnerability and to monitor systems for suspicious RFC requests.
Original NVD description (English source)
Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high impact on the confidentiality, integrity, and availability of the application.

