CVE-2026-34259 - Vulnerability Analysis
HighCVSS: 8.2Last Updated: May 12, 2026
SAP Forecasting & Replenishment - Command Injection
Overview
SAP Forecasting & Replenishment contains a command injection caused by abuse of a non-remote-enabled function by authenticated administrators, letting attackers execute arbitrary OS commands, exploit requires administrative authorizations.
Severity & Score
Impact
Authenticated administrators can execute arbitrary OS commands, leading to full system compromise including data read, modification, or shutdown.
Mitigation
Update to the latest available version with the vulnerability fixed.
Social Media Activity(2 posts)
š CVE-2026-34259 - High (8.2) Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbitrary operating system commands. Successful expl... š https://www.thehackerwire.com/vulnerability/CVE-2026-34259/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-34259 - High (8.2) Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbitrary operating system commands. Successful expl... š https://www.thehackerwire.com/vulnerability/CVE-2026-34259/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-34259
- Severity
- High
- CVSS Score
- 8.2
- Type
- command_injection
- Status
- unconfirmed
- EPSS
- 1.0%
- Social Posts
- 2
CWE
- CWE-77
CVSS Metrics
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H