CVE-2026-23689
CVE-2026-23689 is a high-severity vulnerability rated 7.7/10 on the CVSS scale. Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter. This triggers prolonged loop execution that consumes excessive system resources, potentially rendering the system unavailable. EPSS estimates a 0.35% chance of exploitation in the next 30 days.
Description
Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter. This triggers prolonged loop execution that consumes excessive system resources, potentially rendering the system unavailable. Successful exploitation results in a denial-of-service condition that impacts availability, while confidentiality and integrity remain unaffected.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| SAP | Advanced Planning and Optimization | 713 |
| SAP | Advanced Planning and Optimization | 714 |
| SAP | Supply Chain Management | 700 |
| SAP | Supply Chain Management | 701 |
| SAP | Supply Chain Management | 702 |
| SAP | Supply Chain Management | 712 |
References
- https://me.sap.com/notes/3703092 (Permissions Required)
- https://url.sap/sapsecuritypatchday (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
