Description
SAProuter on Microsoft Windows allows an unauthenticated attacker to load library (DLL) files from an untrusted location, allowing them to execute malicious code on the system. This could enable the attacker to hijack the DLL loading process and achieve arbitrary code execution. This has high impact on confidentiality, integrity and availability of the system.
Published: 2026-07-14
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

SAProuter on Microsoft Windows is vulnerable to DLL hijacking, allowing an unauthenticated attacker to load a malicious library from an untrusted location and execute arbitrary code. This flaw can compromise confidentiality, integrity, and availability of the affected system.

Affected Systems

All installations of SAProuter for Windows are potentially vulnerable; specific version information has not been disclosed.

Risk and Exploitability

The CVSS score of 8.4 indicates a high severity and the absence of an EPSS score suggests the exploit probability is unknown. The vulnerability can be exploited remotely by an attacker who can place a malicious DLL in a directory that SAProuter scans or in a path the application resolves, enabling arbitrary code execution with the privileges of the SAProuter process.

Generated by OpenCVE AI on July 14, 2026 at 12:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the SAProuter patch provided in SAP Note 3692165 to resolve the DLL hijacking flaw.
  • Restrict file system permissions on directories that SAProuter scans for DLLs so that only trusted system accounts can write to them.
  • Limit network exposure of SAProuter by configuring firewall rules to allow access only from trusted IP addresses or internal networks, reducing the attack surface.

Generated by OpenCVE AI on July 14, 2026 at 12:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Jul 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 14 Jul 2026 01:00:00 +0000

Type Values Removed Values Added
Description SAProuter on Microsoft Windows allows an unauthenticated attacker to load library (DLL) files from an untrusted location, allowing them to execute malicious code on the system. This could enable the attacker to hijack the DLL loading process and achieve arbitrary code execution. This has high impact on confidentiality, integrity and availability of the system.
Title DLL Hijacking vulnerability in SAProuter on Microsoft Windows
Weaknesses CWE-427
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: sap

Published:

Updated: 2026-07-14T12:40:00.804Z

Reserved: 2025-12-09T22:06:31.239Z

Link: CVE-2026-0487

cve-icon Vulnrichment

Updated: 2026-07-14T12:39:57.460Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-14T13:00:04Z

Weaknesses
  • CWE-427

    Uncontrolled Search Path Element