What is CVE-2026-24310?

CVE-2026-24310 is a low-severity vulnerability in Sap Netweaver_application_server_abap, classified under Missing Authorization. CVSS score: 3.5/10. Published 2026-03-10.

How severe is CVE-2026-24310?

Low severity. CVSS v3 base score is 3.5 out of 10.

Auth bypass in Sap Netweaver_application_server_abap

CVE-2026-24310

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. This vulner…

Vulnerability class: Broken Access Control

EPSS: 0.000 (12.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.5 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N.

Affected products

Sap Netweaver_application_server_abap — versions 702, 731, 740
Sap_se Sap Netweaver Application Server For Abap — versions SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740

Weakness classification (CWE)

CWE-862 — Missing Authorization

References

cna@sap.com (Permissions Required)
cna@sap.com (Vendor Advisory)

Frequently asked questions

What is CVE-2026-24310?: CVE-2026-24310 is a low-severity vulnerability in Sap Netweaver_application_server_abap, classified under Missing Authorization. CVSS score: 3.5/10. Published 2026-03-10.
How severe is CVE-2026-24310?: Low severity. CVSS v3 base score is 3.5 out of 10.