CVE-2026-27671 Memory Corruption vulnerability in Application Server ABAP of SAP NetWeaver and ABAP Platform

🗓️ 09 Jun 2026 00:20:04Reported by sapType

Memory corruption in the SAP NetWeaver ABAP Application Server due to improper RFC validation, allowing unauthenticated crafted requests and risking confidentiality, integrity, and availability.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-27671	9 Jun 202600:20	–	attackerkb
Circl	CVE-2026-27671	9 Jun 202601:20	–	circl
CVE	CVE-2026-27671	9 Jun 202600:20	–	cve
EUVD	EUVD-2026-35278	9 Jun 202600:20	–	euvd
NVD	CVE-2026-27671	9 Jun 202601:16	–	nvd
Positive Technologies	PT-2026-47529	9 Jun 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-27671	10 Jun 202602:59	–	redhatcve
The Hacker News	Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities	10 Jun 202615:10	–	thn
Vulnrichment	CVE-2026-27671 Memory Corruption vulnerability in Application Server ABAP of SAP NetWeaver and ABAP Platform	9 Jun 202600:20	–	vulnrichment

[
  {
    "vendor": "SAP_SE",
    "product": "SAP NetWeaver AS ABAP and ABAP Platform",
    "versions": [
      {
        "status": "affected",
        "version": "KRNL64NUC 7.22"
      },
      {
        "status": "affected",
        "version": "7.22EXT"
      },
      {
        "status": "affected",
        "version": "KRNL64UC 7.22"
      },
      {
        "status": "affected",
        "version": "722EXT"
      },
      {
        "status": "affected",
        "version": "7.53"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.22"
      },
      {
        "status": "affected",
        "version": "7.54"
      },
      {
        "status": "affected",
        "version": "7.77"
      },
      {
        "status": "affected",
        "version": "7.89"
      },
      {
        "status": "affected",
        "version": "7.93"
      },
      {
        "status": "affected",
        "version": "9.16"
      },
      {
        "status": "affected",
        "version": "9.18"
      },
      {
        "status": "affected",
        "version": "91.9"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
me	www.me.sap.com/notes/3717897
url	www.url.sap/sapsecuritypatchday

09 Jun 2026 05:31Current

CVSS 3.19.8

EPSS0.00042

CWE-121