medium2026-06-09SAP MDGCVE-2026-44750

Missing Authorization Check in SAP Master Data Governance Review Match Groups

SAP Master Data Governance (Review Match Groups)

Our Take

MDG is the gatekeeper for master data quality — inappropriate access to match group reviews can compromise deduplication workflows. Relevant to any MDG implementation. Planned window.

Vulnerability Detail

Missing authorisation check in the Review Match Groups functionality of SAP Master Data Governance allows an authenticated user to view or modify match group reviews beyond their intended access scope, potentially impacting master data integrity in key domains such as Business Partner, Material, or Customer.

Patch Action

Apply SAP Note 3673181.

Affected Versions

MDG_APPL 9.1

9.2

9.3

9.4; EA-APPL 606

Patch Info

CVSS Score

4.3

SAP Note

3673181 ↗

CVE

CVE-2026-44750

Published

2026-06-09

All content is editorial summary, not professional security advice. CVSS scores and SAP Note IDs are factual references. Patch timing is the responsibility of your security team based on your environment and SAP's official guidance.

← All patches