Vulnerability intelligence
CVE-2026-27671
Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high impact on the confidentiality, integrity, and availability of the application.
CVSS Score
9.8
Critical
EPSS — Exploit Probability
0.0%
Riskier than 13% of all CVEs
Exploitation
Not in CISA KEV
No federal exploitation record
Remediation
unknown
Check vendor advisories
2 articles across 2 outlets · first covered Jun 9, 2026 · latest Jun 9, 2026
Tracked incidents
Coverage timeline
-
SAP issues urgent patch for critical SAML flaw CVE-2026-44748www.securityweek.com · Jun 9, 2026
-
SAP SAML bug lets attackers bypass login, urgent patch called forsecurityonline.info · Jun 9, 2026