CVE-2026-0488 Code Injection vulnerability in SAP CRM and SAP S/4HANA (Scripting Editor)

🗓️ 10 Feb 2026 03:01:08Reported by sapType

Authenticated attacker can exploit SAP scripting editor to execute arbitrary statements and compromise the database.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2026-0488	10 Feb 202604:22	–	circl
CNNVD	SAP CRM和SAP S/4HANA 安全漏洞	10 Feb 202600:00	–	cnnvd
CVE	CVE-2026-0488	10 Feb 202603:01	–	cve
NCSC	Vulnerabilities fixed in SAP products	10 Feb 202612:28	–	ncsc
NVD	CVE-2026-0488	10 Feb 202604:16	–	nvd
OSV	CVE-2026-0488	10 Feb 202604:16	–	osv
Positive Technologies	PT-2026-7203	9 Feb 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-0488	11 Feb 202607:30	–	redhatcve
The Hacker News	Over 60 Software Vendors Issue Security Fixes Across OS, Cloud, and Network Platforms	11 Feb 202613:28	–	thn
Vulnrichment	CVE-2026-0488 Code Injection vulnerability in SAP CRM and SAP S/4HANA (Scripting Editor)	10 Feb 202603:01	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP CRM and SAP S/4HANA (Scripting Editor)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "S4FND 102"
      },
      {
        "status": "affected",
        "version": "103"
      },
      {
        "status": "affected",
        "version": "104"
      },
      {
        "status": "affected",
        "version": "105"
      },
      {
        "status": "affected",
        "version": "106"
      },
      {
        "status": "affected",
        "version": "107"
      },
      {
        "status": "affected",
        "version": "108"
      },
      {
        "status": "affected",
        "version": "109"
      },
      {
        "status": "affected",
        "version": "SAP_ABA 700"
      },
      {
        "status": "affected",
        "version": "WEBCUIF 700"
      },
      {
        "status": "affected",
        "version": "701"
      },
      {
        "status": "affected",
        "version": "730"
      },
      {
        "status": "affected",
        "version": "731"
      },
      {
        "status": "affected",
        "version": "746"
      },
      {
        "status": "affected",
        "version": "747"
      },
      {
        "status": "affected",
        "version": "748"
      },
      {
        "status": "affected",
        "version": "800"
      },
      {
        "status": "affected",
        "version": "801"
      }
    ]
  }
]

Source	Link
me	www.me.sap.com/notes/3697099
url	www.url.sap/sapsecuritypatchday

10 Feb 2026 03:01Current

CVSS 3.19.9

EPSS0.00022

CWE-862