{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24317", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2026-01-21T22:15:25.361Z", "datePublished": "2026-03-10T00:18:00.851Z", "dateUpdated": "2026-03-11T03:56:32.610Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-03-10T00:18:00.851Z"}, "title": "DLL Hijacking vulnerability in SAP GUI for Windows with active GuiXT", "problemTypes": [{"descriptions": [{"lang": "eng", "cweId": "CWE-427", "description": "CWE-427: Uncontrolled Search Path Element", "type": "CWE"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP GUI for Windows with active GuiXT", "versions": [{"status": "affected", "version": "BC-FES-GUI 8.00"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "SAP GUI for Windows allows DLL files to be loaded from arbitrary directories within the application. An unauthenticated attacker could exploit this vulnerability by persuading a victim to place a malicious DLL within one of these directories. The malicious command is executed in the victim user's context provided GuiXT is enabled. This vulnerability has a low impact on confidentiality, integrity, and availability.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>SAP GUI for Windows allows DLL files to be loaded from arbitrary directories within the application. An unauthenticated attacker could exploit this vulnerability by persuading a victim to place a malicious DLL within one of these directories. The malicious command is executed in the victim user's context provided GuiXT is enabled. This vulnerability has a low impact on confidentiality, integrity, and availability.</p>"}]}], "references": [{"url": "https://me.sap.com/notes/3699761"}, {"url": "https://url.sap/sapsecuritypatchday"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseSeverity": "MEDIUM", "baseScore": 5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-10T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-24317"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T03:56:32.610Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24317", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-10T15:36:04.437826Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T15:36:05.638Z"}}], "cna": {"title": "DLL Hijacking vulnerability in SAP GUI for Windows with active GuiXT", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP GUI for Windows with active GuiXT", "versions": [{"status": "affected", "version": "BC-FES-GUI 8.00"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3699761"}, {"url": "https://url.sap/sapsecuritypatchday"}], "x_generator": {"engine": "Vulnogram 1.0.0"}, "descriptions": [{"lang": "en", "value": "SAP GUI for Windows allows DLL files to be loaded from arbitrary directories within the application. An unauthenticated attacker could exploit this vulnerability by persuading a victim to place a malicious DLL within one of these directories. The malicious command is executed in the victim user's context provided GuiXT is enabled. This vulnerability has a low impact on confidentiality, integrity, and availability.", "supportingMedia": [{"type": "text/html", "value": "<p>SAP GUI for Windows allows DLL files to be loaded from arbitrary directories within the application. An unauthenticated attacker could exploit this vulnerability by persuading a victim to place a malicious DLL within one of these directories. The malicious command is executed in the victim user's context provided GuiXT is enabled. This vulnerability has a low impact on confidentiality, integrity, and availability.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "eng", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427: Uncontrolled Search Path Element"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-03-10T00:18:00.851Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24317", "state": "PUBLISHED", "dateUpdated": "2026-03-10T16:53:07.917Z", "dateReserved": "2026-01-21T22:15:25.361Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2026-03-10T00:18:00.851Z", "assignerShortName": "sap"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SAP GUI for Windows allows DLL files to be loaded from arbitrary directories within the application. An unauthenticated attacker could exploit this vulnerability by persuading a victim to place a malicious DLL within one of these directories. The malicious command is executed in the victim user's context provided GuiXT is enabled. This vulnerability has a low impact on confidentiality, integrity, and availability."}], "id": "CVE-2026-24317", "lastModified": "2026-03-11T13:53:47.157", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.4, "source": "cna@sap.com", "type": "Primary"}]}, "published": "2026-03-10T17:35:56.040", "references": [{"source": "cna@sap.com", "url": "https://me.sap.com/notes/3699761"}, {"source": "cna@sap.com", "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "cna@sap.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "BC-FES-GUI 8.00"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "SAP GUI for Windows with active GuiXT", "source": "cna", "vendor": "SAP_SE"}, "product": "sap_gui_for_windows_with_active_guixt", "vendor": "sap_se"}], "analysis": {"en": {"generated_at": "2026-04-16T09:56:24.180009+00:00", "value": {"mitigation_remediation": ["Disable GuiXT in SAP GUI for Windows if it is not essential for business processes.", "Apply the latest SAP security update or patch that addresses DLL loading restrictions once it is released.", "Restrict write permissions on the directories from which SAP GUI can load DLLs, limiting the ability of non\u2011privileged users to place arbitrary files.", "Implement monitoring to detect unexpected DLL files in those directories, and configure alerts for any such changes."], "summary": {"action": "Assess Impact", "impact": "Code execution through DLL hijacking"}, "threat_synthesis": {"affected_systems": "SAP GUI for Windows with active GuiXT is affected. No specific version numbers are provided, so all current deployments of the GUI with GuiXT enabled should be considered vulnerable.", "description_and_impact": "The vulnerability allows an unauthenticated attacker to cause SAP GUI for Windows to load a malicious DLL from any directory within the application. Once the victim uses the application with GuiXT enabled, the DLL is executed in the victim\u2019s user context. The impact on confidentiality, integrity, and availability is low, as the attack is executed only in the victim\u2019s context and does not grant broader system compromise.", "risk_and_exploitability": "The CVSS score of 5.0 places the vulnerability in the moderate range, but the probability of exploitation is very low. The issue is not listed in the CISA KEV catalog, suggesting no known widespread active exploitation. The likely attack vector is a social\u2011engineering scenario in which a user is persuaded to run the application after a malicious DLL has been placed in one of the permitted directories. No privileged escalation or remote access is required beyond the victim\u2019s local workstation."}}}}, "created": "2026-03-10T14:06:14.609401+00:00", "updated": "2026-04-16T10:00:14.091563+00:00", "vendors": ["sap_se", "sap_se$PRODUCT$sap_gui_for_windows_with_active_guixt"]}