CVE-2026-40134

Description

Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operations. This vulnerability has a low impact on integrity with no impact on confidentiality and availability of the application.

References

• https://me.sap.com/notes/3718508
• https://url.sap/sapsecuritypatchday