CVE-2026-44750: CWE-862: Missing Authorization in SAP_SE SAP MDG (Review Match Groups Application)
CVE-2026-44750 is a vulnerability in SAP MDG's Review Match Groups Application where necessary authorization checks are missing for authenticated users. This flaw allows low-privileged users to perform actions that should be restricted, leading to escalation of privileges. The impact is limited to integrity with no effect on confidentiality or availability. The vulnerability affects specific SAP versions including S4CORE 108, SAP_BASIS 916 and 917, and SAP_ABA 816. The CVSS score is 4. 3, indicating a medium severity level. No official patch or remediation guidance has been provided yet, and there are no known exploits in the wild. This is not a cloud service, so remediation depends on vendor updates to the affected software versions.
AI Analysis
Technical Summary
The vulnerability identified as CVE-2026-44750 in SAP MDG (Review Match Groups Application) involves missing authorization checks for authenticated users. This CWE-862 weakness permits low-privileged users to perform unauthorized actions that could escalate their privileges within the application. The affected SAP product versions include S4CORE 108, SAP_BASIS 916 and 917, and SAP_ABA 816. The CVSS 3.1 base score is 4.3 (medium severity), reflecting a network attack vector with low attack complexity, requiring low privileges and no user interaction, impacting integrity but not confidentiality or availability. No official remediation or patch is currently documented, and no exploits have been reported in the wild.
Potential Impact
The vulnerability allows unauthorized privilege escalation by bypassing authorization checks, impacting the integrity of the SAP MDG Review Match Groups Application. Confidentiality and availability are not affected. The medium severity score reflects the limited scope of impact and the requirement for authenticated access.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or temporary mitigation has been published, organizations should monitor SAP security advisories for updates. Until a patch is available, restrict access to the affected SAP MDG components to trusted users and review user privileges to minimize risk.
CVE-2026-44750: CWE-862: Missing Authorization in SAP_SE SAP MDG (Review Match Groups Application)
Description
CVE-2026-44750 is a vulnerability in SAP MDG's Review Match Groups Application where necessary authorization checks are missing for authenticated users. This flaw allows low-privileged users to perform actions that should be restricted, leading to escalation of privileges. The impact is limited to integrity with no effect on confidentiality or availability. The vulnerability affects specific SAP versions including S4CORE 108, SAP_BASIS 916 and 917, and SAP_ABA 816. The CVSS score is 4. 3, indicating a medium severity level. No official patch or remediation guidance has been provided yet, and there are no known exploits in the wild. This is not a cloud service, so remediation depends on vendor updates to the affected software versions.
CVSS v3.1
Score 4.3medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability identified as CVE-2026-44750 in SAP MDG (Review Match Groups Application) involves missing authorization checks for authenticated users. This CWE-862 weakness permits low-privileged users to perform unauthorized actions that could escalate their privileges within the application. The affected SAP product versions include S4CORE 108, SAP_BASIS 916 and 917, and SAP_ABA 816. The CVSS 3.1 base score is 4.3 (medium severity), reflecting a network attack vector with low attack complexity, requiring low privileges and no user interaction, impacting integrity but not confidentiality or availability. No official remediation or patch is currently documented, and no exploits have been reported in the wild.
Potential Impact
The vulnerability allows unauthorized privilege escalation by bypassing authorization checks, impacting the integrity of the SAP MDG Review Match Groups Application. Confidentiality and availability are not affected. The medium severity score reflects the limited scope of impact and the requirement for authenticated access.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or temporary mitigation has been published, organizations should monitor SAP security advisories for updates. Until a patch is available, restrict access to the affected SAP MDG components to trusted users and review user privileges to minimize risk.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- sap
- Date Reserved
- 2026-05-07T18:16:34.195Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a2769ece29bf47b50f67275
Added to database: 6/9/2026, 1:18:36 AM
Last enriched: 6/9/2026, 1:34:21 AM
Last updated: 6/9/2026, 6:04:47 AM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.