What is CVE-2026-0492?

CVE-2026-0492 is a high-severity vulnerability in Sap_se Sap Hana Database, classified under Missing Authentication for Critical Function. CVSS score: 8.8/10. Published 2026-01-13.

How severe is CVE-2026-0492?

High severity. CVSS v3 base score is 8.8 out of 10.

Auth bypass in Sap_se Sap Hana Database

CVE-2026-0492

SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid credentials of any user to switch to another user potentially gaining administrative access. This exploit could result in a total compromise of the sys…

Vulnerability class: Broken Authentication

EPSS: 0.001 (22.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Sap_se Sap Hana Database — versions HDB 2.00

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

References

me.sap.com/notes/3691059
url.sap/sapsecuritypatchday

Frequently asked questions

What is CVE-2026-0492?: CVE-2026-0492 is a high-severity vulnerability in Sap_se Sap Hana Database, classified under Missing Authentication for Critical Function. CVSS score: 8.8/10. Published 2026-01-13.
How severe is CVE-2026-0492?: High severity. CVSS v3 base score is 8.8 out of 10.