CVE 9.1 CRITICAL

Code Injection vulnerability in SAP Landscape Transformation_CVE-2026-0491

January 12, 2026 invoker category_cve
9.1 / 10
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Description

SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system.

AI Analysis

Code injection vulnerability allowing arbitrary ABAP code/OS command injection, bypassing authorization checks, and potentially leading to full system compromise.

Basic Information

ID CVE-2026-0491
Source sap
Published Jan 13, 2026 at 01:12

Affected Product

Vendor SAP_SE
Product SAP Landscape Transformation
Version DMIS 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2018_1_752, 2020
Affected Versions SAP_SE SAP Landscape Transformation DMIS 2011_1_700
SAP_SE SAP Landscape Transformation 2011_1_710
SAP_SE SAP Landscape Transformation 2011_1_730
SAP_SE SAP Landscape Transformation 2011_1_731
SAP_SE SAP Landscape Transformation 2018_1_752
SAP_SE SAP Landscape Transformation 2020

CWE Classification

CWE-94

AI Assessment

AI Score 9.1 / 10
AI Severity Critical
Vendor SAP
Product SAP Landscape Transformation
Version DMIS 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2018_1_752, 2020

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.