【Vulnerability Alert】Critical Security Vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse (CVE-2026-27681)

Posting Date: 2026/04/29

Subject: 【Vulnerability Alert】Critical Security Vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse (CVE-2026-27681)

Description:
- Forwarded from TWCERT/CC Security Alert TWCERTCC-200-202604-00000017.
- SAP has released a critical security vulnerability announcement regarding its products, SAP Business Planning and Consolidation and SAP Business Warehouse (CVE-2026-27681, CVSS: 9.9). This vulnerability allows an authenticated attacker to read, modify, and delete database data through specially crafted SQL syntax, impacting the confidentiality, integrity, and availability of the system.
Affected Platforms:
- HANABPC 810, BPC4HANA 300, SAP_BW 750, 752, 753, 754, 755, 756, 757, 758, 816
Recommended Actions:
- Apply patches according to the solutions released on the official website:
- https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2026.html
Reference:
1. https://www.twcert.org.tw/tw/cp-169-10848-60abd-1.html

Computer and Communication Center
Network Systems Division