medium | 2026-04-14 | SAP S/4HANA | CVE-2026-34261
Missing Authorization check in SAP Business Analytics and SAP Content Management
SAP Business Analytics and SAP Content Management
Our Take
Authorization bypass on remote-enabled function modules is always worth addressing, and the CVSS detail rates the confidentiality impact as high. Patch in the next patch window.
Vulnerability Detail
Remote-enabled function modules allow an authenticated user to access sensitive information beyond their intended permissions. After patching, the vulnerable function modules are no longer accessible remotely.
Patch Action
Apply SAP Note 3705094.
Affected Versions
S4HCMRXX 100, 101, 102
SAP_HRRXX 600, 604, 608
Patch Info
Timing recommendations are editorial. Verify against official SAP Security Notes before acting on production systems.