medium | 2026-06-09 | SAP Gateway | CVE-2026-44749
Information Disclosure in SAP Gateway OData V4
SAP Gateway (OData V4)
Our Take
OData V4 is the API layer for Fiori apps and third-party integrations. Information disclosure here could aid reconnaissance for a more targeted attack. Planned window, but include it — the Gateway is high-traffic.
Vulnerability Detail
An information disclosure vulnerability in the SAP Gateway OData V4 component allows an authenticated attacker to access metadata or response content that they should not be authorised to view, potentially exposing backend data model details or sensitive business data.
Patch Action
Apply SAP Note 3433366.
Affected Versions
SAP_BASIS 752–758
804
816
Patch Info
All content is editorial summary, not professional security advice. CVSS scores and SAP Note IDs are factual references. Patch timing is the responsibility of your security team based on your environment and SAP's official guidance.