medium2026-05-12SAP BusinessObjectsCVE-2026-0502

Cross-Site Request Forgery in SAP BusinessObjects BI Platform

SAP BusinessObjects BI Platform

Our Take

Fourth BusinessObjects note across recent months — BO continues to draw researcher attention. If you run BO, batch with other open BO notes into a single maintenance window.

Vulnerability Detail

A CSRF vulnerability in the BusinessObjects BI Platform that could allow an attacker to trick an authenticated user into performing unintended actions.

Patch Action

Apply SAP Note 3667593.

Affected Versions

ENTERPRISE 430

2025

2027

Patch Info

CVSS Score

5.4

SAP Note

3667593 ↗

CVE

CVE-2026-0502

Published

2026-05-12

All content is editorial summary, not professional security advice. CVSS scores and SAP Note IDs are factual references. Patch timing is the responsibility of your security team based on your environment and SAP's official guidance.

← All patches