low2026-05-12SAP HANACVE-2026-40131

SQL Injection in SAP HANA HDI Deploy Library

SAP HANA HDI Deploy Library

Our Take

Low severity, narrow product. Include in your next quarterly HANA tooling update.

Vulnerability Detail

SQL injection vulnerability in the SAP HANA Deployment Infrastructure (HDI) Deploy Library. Limited exploit conditions reduce severity to low.

Patch Action

Apply SAP Note 3726962.

Affected Versions

XS_HDI_DEPLOYER 1.00

Patch Info

CVSS Score

3.4

SAP Note

3726962 ↗

CVE

CVE-2026-40131

Published

2026-05-12

All content is editorial summary, not professional security advice. CVSS scores and SAP Note IDs are factual references. Patch timing is the responsibility of your security team based on your environment and SAP's official guidance.

← All patches