
CVE-2026-0491: CWE-94: Improper Control of Generation of Code in SAP_SE SAP Landscape Transformation

Severity: Critical
Published: Tue Jan 13 2026 (01/13/2026, 01:12:53 UTC)
Source: CVE Database V5
Vendor/Project: SAP_SE
Product: SAP Landscape Transformation

Description

CVE-2026-0491 is a critical vulnerability in SAP Landscape Transformation that allows an attacker with administrative privileges to inject arbitrary ABAP code or OS commands via a vulnerable RFC-exposed function module. The flaw bypasses authorization checks, effectively acting as a backdoor and enabling full system compromise. It affects multiple versions of SAP Landscape Transformation, including DMIS 2011_1_700 through the 2020 releases. Exploitation requires high privileges but no user interaction, and the impact spans confidentiality, integrity, and availability. Although no exploits are currently known in the wild, the critical CVSS score of 9.1 highlights the severe risk. European organizations running affected versions are at significant risk, especially in countries with large SAP deployments. Immediate patching and strict administrative access controls are essential to mitigate this threat.

AI-Powered Analysis

Last updated: 01/21/2026, 02:46:09 UTC

Technical Analysis

CVE-2026-0491 is a critical security vulnerability classified under CWE-94 (Improper Control of Generation of Code) affecting SAP Landscape Transformation products from SAP SE. The vulnerability resides in a function module exposed via Remote Function Call (RFC) interfaces, which are commonly used for system integration and automation within SAP environments. An attacker possessing administrative privileges can exploit this flaw to inject arbitrary ABAP code or operating system commands directly into the SAP system. This injection bypasses essential authorization mechanisms, effectively creating a backdoor that allows the attacker to execute malicious code with high privileges. The affected versions include multiple releases from DMIS 2011_1_700 through 2020, indicating a broad impact across SAP Landscape Transformation deployments. The vulnerability's CVSS v3.1 score of 9.1 reflects its critical nature, with an attack vector over the network (AV:N), low attack complexity (AC:L), requiring high privileges (PR:H), no user interaction (UI:N), and scope change (S:C), resulting in high confidentiality, integrity, and availability impacts (C:H/I:H/A:H). Although no known exploits have been reported in the wild, the potential for full system compromise makes this a significant threat. SAP Landscape Transformation is a key component in data migration and system integration scenarios, so exploitation could disrupt critical business processes and expose sensitive data.

Potential Impact

For European organizations, the impact of CVE-2026-0491 is severe. SAP Landscape Transformation is widely used across industries such as manufacturing, finance, utilities, and public sector entities in Europe. Exploitation could lead to unauthorized disclosure of sensitive business data, manipulation or deletion of critical information, and disruption of business operations due to system compromise. The ability to execute arbitrary code with administrative privileges means attackers could establish persistent backdoors, move laterally within networks, and potentially disrupt supply chains or critical infrastructure. Given the interconnected nature of SAP systems in European enterprises, a successful attack could cascade across multiple business units or partner organizations. The confidentiality breach could also lead to regulatory non-compliance under GDPR, resulting in legal and financial penalties. The availability impact could affect service delivery and operational continuity, especially in sectors reliant on real-time data processing and integration.

Mitigation Recommendations

To mitigate CVE-2026-0491, European organizations should prioritize the following actions:

1. Apply SAP-provided patches or updates as soon as they become available, even if no exploits are currently known.
2. Restrict administrative privileges strictly to essential personnel and enforce the principle of least privilege to reduce the attack surface.
3. Harden RFC interfaces by limiting access to trusted networks and implementing strong authentication and authorization controls.
4. Monitor SAP system logs and network traffic for unusual activity indicative of code injection or unauthorized command execution.
5. Conduct regular security audits and penetration testing focused on SAP Landscape Transformation components.
6. Employ SAP security notes and tools such as SAP Solution Manager to detect and remediate vulnerabilities.
7. Implement network segmentation to isolate SAP systems from less secure environments.
8. Educate SAP administrators about the risks of code injection vulnerabilities and secure coding practices.
9. Establish incident response plans tailored to SAP system compromises.
10. Consider deploying application-layer firewalls or SAP-specific security solutions that can detect and block suspicious RFC calls.


Technical Details

Data Version: 5.2
Assigner Short Name: sap
Date Reserved: 2025-12-09T22:06:34.263Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6965a2cca60475309fcd6805

Added to database: 1/13/2026, 1:41:32 AM

Last enriched: 1/21/2026, 2:46:09 AM

Last updated: 2/7/2026, 3:38:40 PM
