【Vulnerability Alert】Critical Security Vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse (CVE-2026-27681)

• Subject: 【Vulnerability Alert】Critical Security Vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse (CVE-2026-27681)

• Description:
  • Forwarded from TWCERT/CC Security Alert TWCERTCC-200-202604-00000017.
  • SAP has released a critical security vulnerability announcement regarding its products, SAP Business Planning and Consolidation and SAP Business Warehouse (CVE-2026-27681, CVSS: 9.9). This vulnerability allows an authenticated attacker to read, modify, and delete database data through specially crafted SQL syntax, impacting the confidentiality, integrity, and availability of the system.
• Affected Platforms:
  • HANABPC 810, BPC4HANA 300, SAP_BW 750, 752, 753, 754, 755, 756, 757, 758, 816
• Recommended Actions:
  • Apply patches according to the solutions released on the official website:
  • https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2026.html
• Reference:
  1. https://www.twcert.org.tw/tw/cp-169-10848-60abd-1.html

Computer and Communication Center
Network Systems Division