CVE-2026-23681 is a vulnerability identified in the SAP Support Tools Plug-In, specifically in certain function modules where authorization checks are missing (CWE-862). This flaw allows an authenticated attacker with low privileges to invoke these function modules and retrieve detailed information about the SAP system and its configuration. The vulnerability affects multiple versions of the SAP Support Tools Plug-In, including ST-PI 2008_1_700, 2008_1_710, 740, and 758. The core issue is that the function modules do not properly verify whether the user has the necessary permissions before disclosing system information. Although the vulnerability does not allow modification of data or disruption of services, the information disclosure can be leveraged by attackers to map the system environment, identify potential weaknesses, and plan subsequent, more impactful attacks. The CVSS 3.1 base score is 4.3 (medium), reflecting low confidentiality impact, no integrity or availability impact, network attack vector, low attack complexity, and requiring privileges but no user interaction. No known exploits in the wild have been reported to date. The vulnerability was published on February 10, 2026, and no official patches have been linked yet. SAP customers should monitor for updates and consider compensating controls to restrict access to vulnerable modules.

For European organizations, this vulnerability poses a moderate risk primarily through information disclosure. SAP systems are widely used across Europe in sectors such as manufacturing, finance, public administration, and utilities. Attackers gaining system configuration details can tailor attacks such as privilege escalation, targeted phishing, or exploitation of other SAP vulnerabilities. Although the direct impact on confidentiality is low, the indirect risk of enabling more severe attacks is significant, especially in critical infrastructure and large enterprises with complex SAP landscapes. The lack of impact on integrity and availability reduces immediate operational risk but does not eliminate the threat of subsequent compromise. Organizations with exposed or poorly segmented SAP environments are at higher risk. Given the strategic importance of SAP systems in European economies, attackers may prioritize these targets to gain footholds or conduct espionage. The requirement for authenticated access limits exposure but insider threats or compromised credentials could facilitate exploitation.

1. Restrict access to SAP Support Tools Plug-In function modules by enforcing strict role-based access controls (RBAC) and least privilege principles. 2. Monitor and audit SAP user activities, especially those involving support tool modules, to detect anomalous access patterns. 3. Implement network segmentation and firewall rules to limit access to SAP management interfaces only to trusted administrators. 4. Apply SAP security notes and patches promptly once available for the affected ST-PI versions. 5. Use SAP’s security configuration guides to harden system settings and disable unnecessary function modules or services. 6. Conduct regular SAP system security assessments and penetration tests focusing on authorization checks. 7. Educate SAP administrators about the risks of information disclosure and the importance of credential protection. 8. Consider deploying SAP Enterprise Threat Detection tools to identify suspicious activities related to this vulnerability. 9. If patching is delayed, implement compensating controls such as enhanced logging and alerting on access to vulnerable modules.