{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0491", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2025-12-09T22:06:34.263Z", "datePublished": "2026-01-13T01:12:53.331Z", "dateUpdated": "2026-02-26T15:04:49.849Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP Landscape Transformation", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "DMIS 2011_1_700"}, {"status": "affected", "version": "2011_1_710"}, {"status": "affected", "version": "2011_1_730"}, {"status": "affected", "version": "2011_1_731"}, {"status": "affected", "version": "2018_1_752"}, {"status": "affected", "version": "2020"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system.</p>"}], "value": "SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-01-13T01:12:53.331Z"}, "references": [{"url": "https://me.sap.com/notes/3697979"}, {"url": "https://url.sap/sapsecuritypatchday"}], "source": {"discovery": "UNKNOWN"}, "title": "Code Injection vulnerability in SAP Landscape Transformation", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0491", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-14T04:57:11.308577Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:04:49.849Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0491", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-14T04:57:11.308577Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-13T16:20:55.965Z"}}], "cna": {"title": "Code Injection vulnerability in SAP Landscape Transformation", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP Landscape Transformation", "versions": [{"status": "affected", "version": "DMIS 2011_1_700"}, {"status": "affected", "version": "2011_1_710"}, {"status": "affected", "version": "2011_1_730"}, {"status": "affected", "version": "2011_1_731"}, {"status": "affected", "version": "2018_1_752"}, {"status": "affected", "version": "2020"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3697979"}, {"url": "https://url.sap/sapsecuritypatchday"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system.", "supportingMedia": [{"type": "text/html", "value": "<p>SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "eng", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-01-13T01:12:53.331Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0491", "state": "PUBLISHED", "dateUpdated": "2026-02-26T15:04:49.849Z", "dateReserved": "2025-12-09T22:06:34.263Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2026-01-13T01:12:53.331Z", "assignerShortName": "sap"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system."}, {"lang": "es", "value": "SAP Landscape Transformation permite a un atacante con privilegios de administrador explotar una vulnerabilidad en el m\u00f3dulo de funci\u00f3n expuesto a trav\u00e9s de RFC. Este fallo permite la inyecci\u00f3n de c\u00f3digo ABAP/comandos del sistema operativo arbitrarios en el sistema, eludiendo las comprobaciones de autorizaci\u00f3n esenciales. Esta vulnerabilidad funciona eficazmente como una puerta trasera, creando el riesgo de compromiso total del sistema, socavando la confidencialidad, integridad y disponibilidad del sistema."}], "id": "CVE-2026-0491", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "cna@sap.com", "type": "Primary"}]}, "published": "2026-01-13T02:15:50.743", "references": [{"source": "cna@sap.com", "url": "https://me.sap.com/notes/3697979"}, {"source": "cna@sap.com", "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "cna@sap.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T06:52:23.532347+00:00", "value": {"mitigation_remediation": ["Apply SAP Security Patch as referenced in SAP note 3697979", "Restrict the Landscape Transformation RFC function module to trusted hosts and minimal user groups, ensuring only authorized users can invoke it", "Audit system logs for unexpected ABAP code execution or OS command activity and investigate anomalies"], "summary": {"action": "Patch Immediately", "impact": "Full System Compromise via Code Injection"}, "threat_synthesis": {"affected_systems": "SAP Landscape Transformation from SAP SE is affected. No version details were supplied, but the issue applies to all deployments configured to allow RFC access to the function module used for landscape transformations.", "description_and_impact": "The vulnerability resides in SAP Landscape Transformation, allowing an attacker with administrative rights to leverage a remote function module exposed via RFC to inject arbitrary ABAP code and operating system commands. The flaw bypasses essential authorization checks, effectively creating a backdoor. As described, an attacker could execute code with system privileges, resulting in loss of confidentiality, integrity, and availability. The weakness is a classic code injection flaw as identified by CWE-94.", "risk_and_exploitability": "The CVSS score of 9.1 categorizes the issue as critical. The EPSS score of less than 1% indicates that exploitation is not currently widespread, but the presence of a backdoor means the risk is high if an attacker gains the necessary administrative privileges. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Exploitation requires access to the RFC interface and administrative credentials; once achieved, the attacker can execute arbitrary code on the host system. Given the severity and the potential for complete system takeover, organizations should treat this as a critical priority."}}}}, "created": "2026-01-13T09:27:00.696756+00:00", "updated": "2026-04-18T07:00:11.348936+00:00", "vendors": ["sap", "sap$PRODUCT$landscape_transformation"]}