{"api_version":"1","generated_at":"2026-05-12T11:06:37+00:00","cve":"CVE-2026-40133","urls":{"html":"https://cve.report/CVE-2026-40133","api":"https://cve.report/api/cve/CVE-2026-40133.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-40133","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-40133"},"summary":{"title":"Missing Authorization check in SAP S/4HANA Condition Maintenance","description":"Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact on the confidentiality and integrity of the data. Additionally, this vulnerability may prevent the legitimate user from accessing the records, causing low impact on application availability.","state":"PUBLISHED","assigner":"sap","published_at":"2026-05-12 03:16:12","updated_at":"2026-05-12 03:16:12"},"problem_types":["CWE-862","CWE-862 CWE-862: Missing Authorization"],"metrics":[{"version":"3.1","source":"cna@sap.com","type":"Primary","score":"6.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"6.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":6.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","version":"3.1"}}],"references":[{"url":"https://me.sap.com/notes/3718083","name":"https://me.sap.com/notes/3718083","refsource":"cna@sap.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://url.sap/sapsecuritypatchday","name":"https://url.sap/sapsecuritypatchday","refsource":"cna@sap.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-40133","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40133","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"SAP_SE","product":"SAP S/4HANA Condition Maintenance","version":"affected S4CORE 102","platforms":[]},{"source":"CNA","vendor":"SAP_SE","product":"SAP S/4HANA Condition Maintenance","version":"affected 103","platforms":[]},{"source":"CNA","vendor":"SAP_SE","product":"SAP S/4HANA Condition Maintenance","version":"affected 104","platforms":[]},{"source":"CNA","vendor":"SAP_SE","product":"SAP S/4HANA Condition Maintenance","version":"affected 105","platforms":[]},{"source":"CNA","vendor":"SAP_SE","product":"SAP S/4HANA Condition Maintenance","version":"affected 106","platforms":[]},{"source":"CNA","vendor":"SAP_SE","product":"SAP S/4HANA Condition Maintenance","version":"affected 107","platforms":[]},{"source":"CNA","vendor":"SAP_SE","product":"SAP S/4HANA Condition Maintenance","version":"affected 108","platforms":[]},{"source":"CNA","vendor":"SAP_SE","product":"SAP S/4HANA Condition Maintenance","version":"affected 109","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"SAP S/4HANA Condition Maintenance","vendor":"SAP_SE","versions":[{"status":"affected","version":"S4CORE 102"},{"status":"affected","version":"103"},{"status":"affected","version":"104"},{"status":"affected","version":"105"},{"status":"affected","version":"106"},{"status":"affected","version":"107"},{"status":"affected","version":"108"},{"status":"affected","version":"109"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact on the confidentiality and integrity of the data. Additionally, this vulnerability may prevent the legitimate user from accessing the records, causing low impact on application availability.</p>"}],"value":"Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact on the confidentiality and integrity of the data. Additionally, this vulnerability may prevent the legitimate user from accessing the records, causing low impact on application availability."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":6.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-862","description":"CWE-862: Missing Authorization","lang":"eng","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-12T02:21:18.130Z","orgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","shortName":"sap"},"references":[{"url":"https://me.sap.com/notes/3718083"},{"url":"https://url.sap/sapsecuritypatchday"}],"source":{"discovery":"UNKNOWN"},"title":"Missing Authorization check in SAP S/4HANA Condition Maintenance","x_generator":{"engine":"Vulnogram 1.0.2"}}},"cveMetadata":{"assignerOrgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","assignerShortName":"sap","cveId":"CVE-2026-40133","datePublished":"2026-05-12T02:21:18.130Z","dateReserved":"2026-04-09T17:29:44.663Z","dateUpdated":"2026-05-12T02:21:18.130Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-12 03:16:12","lastModifiedDate":"2026-05-12 03:16:12","problem_types":["CWE-862","CWE-862 CWE-862: Missing Authorization"],"metrics":{"cvssMetricV31":[{"source":"cna@sap.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"40133","Ordinal":"1","Title":"Missing Authorization check in SAP S/4HANA Condition Maintenance","CVE":"CVE-2026-40133","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"40133","Ordinal":"1","NoteData":"Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact on the confidentiality and integrity of the data. Additionally, this vulnerability may prevent the legitimate user from accessing the records, causing low impact on application availability.","Type":"Description","Title":"Missing Authorization check in SAP S/4HANA Condition Maintenance"}]}}}