Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202604-00000017

[Content Description]
SAP has released a critical cybersecurity vulnerability announcement (CVE-2026-27681, CVSS: 9.9) for its Business Planning and Consolidation system and Business Warehouse system. This vulnerability allows authenticated attackers to read, modify, and delete database data using specially crafted SQL syntax, impacting the confidentiality, integrity, and availability of the systems.

[Affected Platforms]
HANABPC 810, BPC4HANA 300, SAP_BW 750, 752, 753, 754, 755, 756, 757, 758, 816

[Recommended Actions]
Patch according to the solutions released on the official website:
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2026.html

[References]
1. https://www.twcert.org.tw/tw/cp-169-10848-60abd-1.html