medium2026-05-12SAP S/4HANACVE-2026-40133

Missing Authorization Check in SAP S/4HANA Condition Maintenance

SAP S/4HANA Condition Maintenance

Our Take

Pricing data integrity is a finance and audit concern, not just a security one. If you run S/4HANA with active pricing maintenance, include this in the next window.

Vulnerability Detail

Missing authorisation check in the Condition Maintenance functionality of S/4HANA allows an authenticated user to access or modify pricing condition data beyond their intended permissions.

Patch Action

Apply SAP Note 3718083.

Affected Versions

S4CORE 102–109

Patch Info

CVSS Score

6.3

SAP Note

3718083 ↗

CVE

CVE-2026-40133

Published

2026-05-12

All content is editorial summary, not professional security advice. CVSS scores and SAP Note IDs are factual references. Patch timing is the responsibility of your security team based on your environment and SAP's official guidance.

← All patches