CVE-2026-24317
CWE-427Published: March 10, 2026· Updated: Mar 11, 2026
Official Description
SAP GUI for Windows allows DLL files to be loaded from arbitrary directories within the application. An unauthenticated attacker could exploit this vulnerability by persuading a victim to place a malicious DLL within one of these directories. The malicious command is executed in the victim user's context provided GuiXT is enabled. This vulnerability has a low impact on confidentiality, integrity, and availability.
Technical Analysis
CVE-2026-24317 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.
Exploitation does not require any privileges, though user interaction (Required) is needed, which slightly reduces the risk of mass automated attacks.
CVSS v3.1 Vector Breakdown
Affected Vendors & Products
Exploit & PoC Resources
All References (2)
Quick Facts
Related CVEs (CWE-427)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2026-24317 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts