{"api_version":"1","generated_at":"2026-04-14T03:16:15+00:00","cve":"CVE-2026-27675","urls":{"html":"https://cve.report/CVE-2026-27675","api":"https://cve.report/api/cve/CVE-2026-27675.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-27675","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-27675"},"summary":{"title":"Code Injection vulnerability in SAP Landscape Transformation","description":"SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or degree. This leads to a low impact on integrity, while confidentiality and availability are not impacted.","state":"PUBLISHED","assigner":"sap","published_at":"2026-04-14 00:16:05","updated_at":"2026-04-14 00:16:05"},"problem_types":["CWE-94","CWE-94 CWE-94: Improper Control of Generation of Code"],"metrics":[{"version":"3.1","source":"cna@sap.com","type":"Primary","score":"2","severity":"LOW","vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N","baseScore":2,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"2","severity":"LOW","vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":2,"baseSeverity":"LOW","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N","version":"3.1"}}],"references":[{"url":"https://me.sap.com/notes/3723097","name":"https://me.sap.com/notes/3723097","refsource":"cna@sap.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://url.sap/sapsecuritypatchday","name":"https://url.sap/sapsecuritypatchday","refsource":"cna@sap.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-27675","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27675","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"SAP_SE","product":"SAP Landscape Transformation","version":"affected DMIS 2011_1_700","platforms":[]},{"source":"CNA","vendor":"SAP_SE","product":"SAP Landscape Transformation","version":"affected 2011_1_710","platforms":[]},{"source":"CNA","vendor":"SAP_SE","product":"SAP Landscape Transformation","version":"affected 2011_1_730","platforms":[]},{"source":"CNA","vendor":"SAP_SE","product":"SAP Landscape Transformation","version":"affected 2011_1_731","platforms":[]},{"source":"CNA","vendor":"SAP_SE","product":"SAP Landscape Transformation","version":"affected 2011_1_752","platforms":[]},{"source":"CNA","vendor":"SAP_SE","product":"SAP Landscape Transformation","version":"affected 2020","platforms":[]},{"source":"CNA","vendor":"SAP_SE","product":"SAP Landscape Transformation","version":"affected S4CORE 102","platforms":[]},{"source":"CNA","vendor":"SAP_SE","product":"SAP Landscape Transformation","version":"affected 103","platforms":[]},{"source":"CNA","vendor":"SAP_SE","product":"SAP Landscape Transformation","version":"affected 104","platforms":[]},{"source":"CNA","vendor":"SAP_SE","product":"SAP Landscape Transformation","version":"affected 105","platforms":[]},{"source":"CNA","vendor":"SAP_SE","product":"SAP Landscape Transformation","version":"affected 106","platforms":[]},{"source":"CNA","vendor":"SAP_SE","product":"SAP Landscape Transformation","version":"affected 107","platforms":[]},{"source":"CNA","vendor":"SAP_SE","product":"SAP Landscape Transformation","version":"affected 108","platforms":[]},{"source":"CNA","vendor":"SAP_SE","product":"SAP Landscape Transformation","version":"affected 109","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"SAP Landscape Transformation","vendor":"SAP_SE","versions":[{"status":"affected","version":"DMIS 2011_1_700"},{"status":"affected","version":"2011_1_710"},{"status":"affected","version":"2011_1_730"},{"status":"affected","version":"2011_1_731"},{"status":"affected","version":"2011_1_752"},{"status":"affected","version":"2020"},{"status":"affected","version":"S4CORE 102"},{"status":"affected","version":"103"},{"status":"affected","version":"104"},{"status":"affected","version":"105"},{"status":"affected","version":"106"},{"status":"affected","version":"107"},{"status":"affected","version":"108"},{"status":"affected","version":"109"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or degree. This leads to a low impact on integrity, while confidentiality and availability are not impacted.</p>"}],"value":"SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or degree. This leads to a low impact on integrity, while confidentiality and availability are not impacted."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":2,"baseSeverity":"LOW","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-94","description":"CWE-94: Improper Control of Generation of Code","lang":"eng","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-14T00:07:01.278Z","orgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","shortName":"sap"},"references":[{"url":"https://me.sap.com/notes/3723097"},{"url":"https://url.sap/sapsecuritypatchday"}],"source":{"discovery":"UNKNOWN"},"title":"Code Injection vulnerability in SAP Landscape Transformation","x_generator":{"engine":"Vulnogram 1.0.1"}}},"cveMetadata":{"assignerOrgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","assignerShortName":"sap","cveId":"CVE-2026-27675","datePublished":"2026-04-14T00:07:01.278Z","dateReserved":"2026-02-23T17:50:10.513Z","dateUpdated":"2026-04-14T00:07:01.278Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-04-14 00:16:05","lastModifiedDate":"2026-04-14 00:16:05","problem_types":["CWE-94","CWE-94 CWE-94: Improper Control of Generation of Code"],"metrics":{"cvssMetricV31":[{"source":"cna@sap.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N","baseScore":2,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.5,"impactScore":1.4}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"27675","Ordinal":"1","Title":"Code Injection vulnerability in SAP Landscape Transformation","CVE":"CVE-2026-27675","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"27675","Ordinal":"1","NoteData":"SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or degree. This leads to a low impact on integrity, while confidentiality and availability are not impacted.","Type":"Description","Title":"Code Injection vulnerability in SAP Landscape Transformation"}]}}}