Skip to content
Auto-CTI
Back to today
NEW HIGH A2

CVE-2026-44769

A NVD · · CVE-2026-44769

Admiralty grading (A–F · 1–6)

Source reliability

  • A Completely reliable
  • B Usually reliable
  • C Fairly reliable
  • D Not usually reliable
  • E Unreliable
  • F Cannot be judged

Information credibility

  • 1 Confirmed
  • 2 Probably true
  • 3 Possibly true
  • 4 Doubtful
  • 5 Improbable
  • 6 Cannot be judged

NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.

Key metrics

CVSS
5.5
EPSS
0%

Key insight

The vulnerability requires already-high privileges for exploitation and is limited to confidentiality impact, indicating relatively constrained risk in typical deployment scenarios.

Description

CVE-2026-44769 affects the Project Management component (PPM-PRO) of SAP S/4HANA, allowing attackers with high system privileges to execute crafted database queries. Exploitation leads to exposure of backend database data, with no impact on application integrity or availability. Risk is limited to scenarios where an internal or heavily authenticated attacker already holds significant system privileges. There is no evidence of active exploitation in the wild.

Risk score

67
cvss base
55.00
kev bonus
0.00
epss bonus
0.00
poc bonus
0.00
raw before weight
55.00
industry weight
1.21
freshness factor
1.00
exploitability factor
1.00
days old
0.00
vendor mismatch penalty
0.00

Path: operational

MITRE ATT&CK mapping

2 TTPs
Recon
Resource Dev
Execution
Persistence
Priv. Escal.
Def. Evasion
Cred. Access
Lateral Mov.
Collection
C2
Exfiltration
Impact
Conf.: high medium low

Procedure details

Technique Tactic Procedure Conf. Source
T1190
Exploit Public-Facing Application
Initial Access Exploitation of CVE-2026-44769 vulnerability in SAP S/4HANA PPM-PRO application to execute unauthorized database queries and access backend database high llm
T1526
Exposure of Sensitive System Information
Discovery Execution of crafted database queries against the backend database of SAP S/4HANA to expose sensitive information and expose backend database structure and content high llm
ESC