CVE-2026-0493

🗓️ 13 Jan 2026 01:13:06Reported by sapType

CSRF flaw in SAP Fiori Intercompany Balance Reconciliation enables state-changing actions by an attacker on behalf of an authenticated user, with low integrity impact.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2026-0493	13 Jan 202605:32	–	circl
CNNVD	SAP Fiori App Intercompany Balance Reconciliation 跨站请求伪造漏洞	13 Jan 202600:00	–	cnnvd
Cvelist	CVE-2026-0493 Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App (Intercompany Balance Reconciliation)	13 Jan 202601:13	–	cvelist
EUVD	EUVD-2026-2384	13 Jan 202601:13	–	euvd
NCSC	Vulnerabilities fixed in SAP products	13 Jan 202614:42	–	ncsc
NVD	CVE-2026-0493	13 Jan 202602:15	–	nvd
Positive Technologies	PT-2026-2329	13 Jan 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-0493	14 Jan 202601:22	–	redhatcve
Vulnrichment	CVE-2026-0493 Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App (Intercompany Balance Reconciliation)	13 Jan 202601:13	–	vulnrichment

Vulners

Node

sap hcm_fiori_app_my_formsMatch500

sap hcm_fiori_app_my_formsMatch600

sap hcm_fiori_app_my_formsMatch700

sap hcm_fiori_app_my_formsMatch800

sap hcm_fiori_app_my_formsMatch900

sap hcm_fiori_app_my_formsMatch901

sap hcm_fiori_app_my_formsMatch902

sap s4coreMatch102

sap hcm_fiori_app_my_formsMatch103

sap hcm_fiori_app_my_formsMatch104

sap hcm_fiori_app_my_formsMatch105

sap hcm_fiori_app_my_formsMatch106

sap hcm_fiori_app_my_formsMatch107

sap hcm_fiori_app_my_formsMatch108

sap hcm_fiori_app_my_formsMatch109

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Fiori App (Intercompany Balance Reconciliation)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "UIAPFI70 500"
      },
      {
        "status": "affected",
        "version": "600"
      },
      {
        "status": "affected",
        "version": "700"
      },
      {
        "status": "affected",
        "version": "800"
      },
      {
        "status": "affected",
        "version": "900"
      },
      {
        "status": "affected",
        "version": "901"
      },
      {
        "status": "affected",
        "version": "902"
      },
      {
        "status": "affected",
        "version": "S4CORE 102"
      },
      {
        "status": "affected",
        "version": "103"
      },
      {
        "status": "affected",
        "version": "104"
      },
      {
        "status": "affected",
        "version": "105"
      },
      {
        "status": "affected",
        "version": "106"
      },
      {
        "status": "affected",
        "version": "107"
      },
      {
        "status": "affected",
        "version": "108"
      },
      {
        "status": "affected",
        "version": "109"
      },
      {
        "status": "affected",
        "version": "UIS4H 109"
      }
    ]
  }
]

Source	Link
me	www.me.sap.com/notes/3655229
url	www.url.sap/sapsecuritypatchday

15 Apr 2026 00:35Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.14.3

EPSS0.00026

SSVC

CWE-352