CVE-2026-24317

Medium CVSS: 5.0

SAP GUI for Windows allows DLL files to be loaded from arbitrary directories within the application. An unauthenticated attacker could exploit this vulnerability by persuading a victim to place a malicious DLL within one of these directories. The malicious command is executed in the victim user's context provided GuiXT is enabled. This vulnerability has a low impact on confidentiality, integrity, and availability.

Vendor

Product

CWE

CWE-427

Yayın Tarihi

2026-03-10 17:35:56

Güncelleme

2026-03-11 13:53:47

Source Identifier

cna@sap.com

KEV Date Added

Kategoriler

CWE-427 MEDIUM 2026

Referanslar

https://me.sap.com/notes/3699761 https://url.sap/sapsecuritypatchday