LeakyCreds

CVE-2026-27681 - Vulnerability Analysis

Critical | CVSS: 9.9

Last Updated: April 14, 2026

SAP Business Planning and Consolidation & SAP Business Warehouse - SQL Injection

Published: April 14, 2026 | Updated: April 14, 2026 | Remote Exploitable

Overview

SAP Business Planning and Consolidation and SAP Business Warehouse contain a SQL injection vulnerability caused by insufficient authorization checks, which lets authenticated users read, modify, and delete database data.

Severity & Score

Severity: Critical
CVSS Score: 9.9
EPSS Score: 0.0% (Probability of exploitation in next 30 days)

Impact

Authenticated users can read, modify, and delete database data, impacting confidentiality, integrity, and availability.

Mitigation

Update to the latest available version with authorization checks fixed.

Social Media Activity (4 posts)

TheHackerWire
@thehackerwire
Apr 14, 2026

🔴 CVE-2026-27681 - Critical (9.9) Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the ... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27681/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

OffSequence
@offseq
Apr 14, 2026

🚨 CRITICAL: CVE-2026-27681 in SAP BPC & BW (CVSS 9.9). Authenticated users can inject SQL, risking data integrity & availability. No patch yet — restrict access & monitor DB activity. https://radar.offseq.com/threat/cve-2026-27681-cwe-89-improper-neutralization-of-s-a7704991 #OffSeq #SAP #Vuln #SQLi


Details

CVE ID: CVE-2026-27681
Severity: Critical
CVSS Score: 9.9
Type: sql_injection
Status: new
EPSS: 0.0%
Social Posts: 4

CWE

  • CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score

0.0% (Probability of exploitation in the next 30 days)