CVE-2026-44769
A NVD · · CVE-2026-44769
Admiralty grading (A–F · 1–6)
Source reliability
- A Completely reliable
- B Usually reliable
- C Fairly reliable
- D Not usually reliable
- E Unreliable
- F Cannot be judged
Information credibility
- 1 Confirmed
- 2 Probably true
- 3 Possibly true
- 4 Doubtful
- 5 Improbable
- 6 Cannot be judged
NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.
Key metrics
- CVSS
- 5.5
- EPSS
- 0%
Key insight
The vulnerability requires already-high privileges for exploitation and is limited to confidentiality impact, indicating relatively constrained risk in typical deployment scenarios.
Description
CVE-2026-44769 affects the Project Management component (PPM-PRO) of SAP S/4HANA, allowing attackers with high system privileges to execute crafted database queries. Exploitation leads to exposure of backend database data, with no impact on application integrity or availability. Risk is limited to scenarios where an internal or heavily authenticated attacker already holds significant system privileges. There is no evidence of active exploitation in the wild.
Risk score
- cvss base
- 55.00
- kev bonus
- 0.00
- epss bonus
- 0.00
- poc bonus
- 0.00
- raw before weight
- 55.00
- industry weight
- 1.21
- freshness factor
- 1.00
- exploitability factor
- 1.00
- days old
- 0.00
- vendor mismatch penalty
- 0.00
Path: operational
MITRE ATT&CK mapping
2 TTPsProcedure details
| Technique | Tactic | Procedure | Conf. | Source |
|---|---|---|---|---|
| T1190 Exploit Public-Facing Application | Initial Access | Exploitation of CVE-2026-44769 vulnerability in SAP S/4HANA PPM-PRO application to execute unauthorized database queries and access backend database | high | llm |
| T1526 Exposure of Sensitive System Information | Discovery | Execution of crafted database queries against the backend database of SAP S/4HANA to expose sensitive information and expose backend database structure and content | high | llm |