CVE-2026-0491 is a critical security vulnerability identified in SAP Landscape Transformation, specifically affecting several versions ranging from DMIS 2011_1_700 to 2020. The vulnerability arises from improper control over code generation (CWE-94) within a function module exposed via Remote Function Call (RFC). An attacker possessing administrative privileges can exploit this flaw to inject arbitrary ABAP code or operating system commands into the SAP system. This injection bypasses essential authorization checks, effectively creating a backdoor that can lead to full system compromise. The vulnerability impacts the confidentiality, integrity, and availability of the affected systems, as attackers can execute unauthorized commands, manipulate data, or disrupt system operations. The CVSS v3.1 score is 9.1 (critical), indicating network exploitable (AV:N), low attack complexity (AC:L), requiring high privileges (PR:H), no user interaction (UI:N), with a scope change (S:C), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Although no known exploits have been reported in the wild, the potential for severe damage is significant given the nature of SAP systems in enterprise environments. The vulnerability is particularly dangerous because it leverages administrative privileges to bypass authorization, which could allow attackers to maintain persistent access and control over SAP landscapes. SAP Landscape Transformation is a critical component used for data migration and system integration, making this vulnerability a high-value target for attackers aiming at enterprise resource planning (ERP) systems.

The potential impact of CVE-2026-0491 is severe for organizations worldwide, especially those relying heavily on SAP Landscape Transformation for their ERP and data integration needs. Exploitation can lead to full system compromise, including unauthorized data access, data manipulation, and disruption of business-critical processes. Confidentiality breaches could expose sensitive corporate data, including financial, HR, and operational information. Integrity violations could result in corrupted or falsified data, undermining business decisions and compliance efforts. Availability impacts could disrupt essential business functions, causing operational downtime and financial losses. Given SAP's widespread use in large enterprises, government agencies, and critical infrastructure sectors, this vulnerability poses a significant risk of targeted attacks, insider threats, or advanced persistent threats (APTs) seeking to exploit administrative access. The bypass of authorization checks increases the risk of persistent backdoors, making detection and remediation more challenging. Organizations without timely mitigation could face regulatory penalties, reputational damage, and costly incident response efforts.

To mitigate CVE-2026-0491, organizations should immediately identify and inventory all SAP Landscape Transformation instances running affected versions (DMIS 2011_1_700 through 2020). Since no patch links are currently provided, organizations should engage with SAP support for official patches or hotfixes as soon as they become available. In the interim, restrict administrative privileges strictly to trusted personnel and implement robust monitoring of all RFC calls and function module invocations to detect anomalous or unauthorized code execution attempts. Employ SAP's security audit logs and enable detailed logging for suspicious activities related to code injection or OS command execution. Harden the SAP environment by applying the principle of least privilege, ensuring that only necessary users have admin rights. Consider network segmentation to isolate SAP systems and limit exposure of RFC interfaces to trusted networks. Regularly review and update authorization concepts to prevent privilege escalation. Additionally, conduct penetration testing and code reviews focused on RFC-exposed modules to identify similar vulnerabilities. Implement intrusion detection systems (IDS) and endpoint detection and response (EDR) solutions capable of detecting unusual SAP process behaviors. Finally, prepare incident response plans specific to SAP system compromises to enable rapid containment and recovery.