Memory Corruption vulnerability in Application Server ABAP of SAP NetWeaver and ABAP Platform_CVE-2026-27671

{
    "lastseen": "",
    "description": "Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high impact on the confidentiality, integrity, and availability of the application.",
    "published": "2026-06-09T00:20:04.299Z",
    "modified": "2026-06-09T00:20:04.299Z",
    "type": "cve",
    "title": "Memory Corruption vulnerability in Application Server ABAP of SAP NetWeaver and ABAP Platform",
    "source": "sap",
    "references": "https://me.sap.com/notes/3717897\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2026-27671",
    "bulletinFamily": "",
    "cwe": [
        "CWE-121"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP NetWeaver and ABAP Platform KRNL64NUC 7.22\nSAP_SE SAP NetWeaver and ABAP Platform 7.22EXT\nSAP_SE SAP NetWeaver and ABAP Platform KRNL64UC 7.22\nSAP_SE SAP NetWeaver and ABAP Platform 722EXT\nSAP_SE SAP NetWeaver and ABAP Platform 7.53\nSAP_SE SAP NetWeaver and ABAP Platform KERNEL 7.22\nSAP_SE SAP NetWeaver and ABAP Platform 7.54\nSAP_SE SAP NetWeaver and ABAP Platform 7.77\nSAP_SE SAP NetWeaver and ABAP Platform 7.89\nSAP_SE SAP NetWeaver and ABAP Platform 7.93\nSAP_SE SAP NetWeaver and ABAP Platform 9.16\nSAP_SE SAP NetWeaver and ABAP Platform 9.18\nSAP_SE SAP NetWeaver and ABAP Platform 91.9",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP NetWeaver and ABAP Platform",
    "version": "KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 722EXT, 7.53, KERNEL 7.22, 7.54, 7.77, 7.89, 7.93, 9.16, 9.18, 91.9",
    "vendor": "SAP_SE",
    "ai_description": "Memory corruption vulnerability due to improper RFC protocol validation in SAP Kernel used by Application Server ABAP, allowing unauthenticated attackers to send crafted RFC requests and potentially impact confidentiality, integrity, and availability",
    "ai_severity": "Critical",
    "ai_vendor": "SAP",
    "ai_product": "SAP NetWeaver and ABAP Platform",
    "ai_version": "7.22, 7.22EXT, 7.53, 7.54, 7.77, 7.89, 7.93, 9.16, 9.18, 91.9",
    "ai_score": 9.8
}