Advisory
On 10.02.2026 a security relevant correction has been released by SAP SE. The manufacturer resolves an issue within Kernel.
SAP Note 3678313 addresses "[CVE-2026-24320] Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)" to prevent memory corruption with a low risk for exploitation.
A workaround does not exist, according to SAP Security Advisory team. It is advisable to implement the correction as part of maintenance, the team suggests.
Risk specification
SAP NetWeaver and ABAP Platform (Application Server ABAP) allows an attacker to trigger improper memory handling through specially crafted input, potentially resulting in unintended memory corruption and exposure of internal memory content. This could enable access to sensitive information processed at runtime.
Solution
The application now performs proper memory handling and consistently processes special characters to prevent erroneous conversions that could lead to memory corruption.
The advisory is valid for
- KERNEL 7.22 35
- KERNEL 7.53 57
- KERNEL 7.54 36
- KERNEL 7.77 53
- KERNEL 7.89 36
- KERNEL 7.93 30
- KERNEL 8.04 14
- KERNEL 9.16 8
- KERNEL 9.17 2
- KERNEL 9.18 2
- KRNL64NUC 7.22 41
- KRNL64NUC 7.22EXT 41
- KRNL64UC 7.22 41
- KRNL64UC 7.22EXT 41
- KRNL64UC 7.53 57
- KRNL64UC 8.04 15
