Skip to content
Auto-CTI
Back to today
NEW MEDIUM A2

CVE-2026-44771

A NVD · · CVE-2026-44771

Admiralty grading (A–F · 1–6)

Source reliability

  • A Completely reliable
  • B Usually reliable
  • C Fairly reliable
  • D Not usually reliable
  • E Unreliable
  • F Cannot be judged

Information credibility

  • 1 Confirmed
  • 2 Probably true
  • 3 Possibly true
  • 4 Doubtful
  • 5 Improbable
  • 6 Cannot be judged

NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.

Key metrics

CVSS
4.3
EPSS
0%

Key insight

The vulnerability allows restricted authenticated users to access information from other entities and escalate privileges without authorization checks being performed.

Description

CVE-2026-44771 affects SAP S/4HANA and describes missing authorization checks in the draft operation module. An authenticated user with restricted rights can exploit this gap to access information outside their authorization scope and escalate privileges. The CVE shows low impact on confidentiality; integrity and availability of the application remain unaffected. The exploit requires valid credentials and is currently classified as novel.

Risk score

52
cvss base
43.00
kev bonus
0.00
epss bonus
0.00
poc bonus
0.00
raw before weight
43.00
industry weight
1.21
freshness factor
1.00
exploitability factor
1.00
days old
0.00
vendor mismatch penalty
0.00

Path: operational

ESC