{"id":13863,"date":"2026-01-14T12:05:45","date_gmt":"2026-01-14T10:05:45","guid":{"rendered":"https:\/\/www.inprosec.com\/?p=13863"},"modified":"2026-01-14T12:06:07","modified_gmt":"2026-01-14T10:06:07","slug":"sap-security-notes-january-2026","status":"publish","type":"post","link":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2026\/","title":{"rendered":"SAP Security Notes, January 2026"},"content":{"rendered":"<p><strong>Inprosec through its services, such as the SAP Security Assessment, helps its customers to improve the security levels of their SAP systems.<\/strong><\/p>\n\n<div>\n<h2><\/h2>\n<h2>January 2026 Notes<\/h2>\n<h3>Monthly Summary and Highlights<\/h3>\n<div>\n<div class=\"elementToProof\">\n<p class=\"elementToProof\">This month, a total of 17 notes were released, 3 more than in December 2025. Four Hot News notes were published, one more than in the previous period. Regarding high-criticality notes, there are 4, one fewer compared to December. Medium and low notes will not be reviewed, therefore <b>we will provide details on a total of 8 notes<\/b> (all those with a CVSS score of <b>7<\/b> or higher).<\/p>\n<p class=\"elementToProof\">We have <b>a total of 17 notes<\/b> for the entire month (all 17 are new, and there are no updates to notes published in previous months).<\/p>\n<p class=\"elementToProof\">We will review in detail a total of 8 notes, all of them high-criticality and Hot News:<\/p>\n<ol start=\"1\">\n<li>\n<div role=\"presentation\">The most critical note of the month <b>(CVSS <\/b><span style=\"color: #ff0000;\"><b>9.9<\/b><\/span><b>)<\/b> is a Hot News note, related to <b>&#8220;SQL Injection Vulnerability in SAP S\/4HANA Private Cloud and On-Premise&#8221;.<\/b><\/div>\n<\/li>\n<li>\n<div role=\"presentation\">The next most critical note <b>(CVSS <\/b><span style=\"color: #ff0000;\"><b>9.6<\/b><\/span><b>)<\/b> is another Hot News, the second of the month, related to &#8220;Remote code execution in SAP Wily Introscope Enterprise Manager&#8221;.<\/div>\n<\/li>\n<li>\n<div role=\"presentation\">The following notes in terms of criticality <b>(CVSS <\/b><span style=\"color: #ff0000;\"><b>9.1<\/b><\/span><b>)<\/b> are two Hot News notes: one related to <b>&#8220;Code Injection vulnerability in SAP S\/4HANA&#8221;<\/b> and the other to <b>&#8220;Code Injection vulnerability in SAP Landscape Transformation&#8221;.<\/b><\/div>\n<\/li>\n<li>\n<div role=\"presentation\">The next one is a high-criticality note <b>(CVSS <\/b><span style=\"color: #ff9900;\"><b>8.8<\/b><\/span><b>)<\/b> related to <b>&#8220;Privilege escalation vulnerability in SAP HANA database&#8221;.<\/b><\/div>\n<\/li>\n<li>\n<div role=\"presentation\">The next in criticality <b>(CVSS <\/b><span style=\"color: #ff9900;\"><b>8.4<\/b><\/span><b>)<\/b> is the second high-criticality note, related to <b>&#8220;OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK&#8221;.<\/b><\/div>\n<\/li>\n<li>\n<div role=\"presentation\">The following notes in terms of criticality <b>(CVSS <\/b><span style=\"color: #ff9900;\"><b>8.1<\/b><\/span><b>)<\/b> are two high-criticality notes, related to <b>&#8220;Multiple vulnerabilities in SAP Fiori App (Intercompany Balance Reconciliation)&#8221;<\/b> and <b>&#8220;Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform&#8221;.<\/b><\/div>\n<\/li>\n<li>\n<div role=\"presentation\">This month, the most predominant vulnerability type was <b>&#8220;Code Injection&#8221; (3\/17 on patch day)<\/b>.<\/div>\n<\/li>\n<\/ol>\n<p class=\"elementToProof\">In the chart, we can see the <b><u>classification of the January notes<\/u><\/b>, as well as the trend and classification over the previous 5 months (only Sec. Tuesday \/ Patch Day notes \u2013 by SAP):<\/p>\n<\/div>\n<\/div>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-13864\" src=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2026\/01\/notas-sap-enero-2026.jpg\" alt=\"\" width=\"702\" height=\"369\" srcset=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2026\/01\/notas-sap-enero-2026.jpg 1200w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2026\/01\/notas-sap-enero-2026-300x158.jpg 300w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2026\/01\/notas-sap-enero-2026-1024x538.jpg 1024w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2026\/01\/notas-sap-enero-2026-600x315.jpg 600w\" sizes=\"(max-width: 702px) 100vw, 702px\" \/><\/p>\n<h3>Full details<\/h3>\n<p>The <strong>complete detail of the most relevant notes<\/strong> is as follows:<\/p>\n<ol start=\"1\">\n<li>\n<div role=\"presentation\"><b>SQL Injection Vulnerability in SAP S\/4HANA Private Cloud and On-Premise (Financials \u2013 General Ledger)<\/b>\u00a0<b><u>(<a id=\"OWA9aacdac1-cff9-93c2-6fc7-7a77b03b0f13\" class=\"x_x_x_x_x_x_x_x_OWAAutoLink\" title=\"https:\/\/me.sap.com\/notes\/3687749\/E\" href=\"https:\/\/me.sap.com\/notes\/3687749\/E\" data-auth=\"NotApplicable\">3687749<\/a>)<\/u>:<\/b>\u00a0Due to insufficient input validation an authenticated user could execute crafted SQL queries to read, modify, and delete backend database data. This leads to a high impact on the confidentiality, integrity, and availability of the application. A temporary workaround is available.<b>\u00a0CVSS v3\u00a0Base Score <\/b><span style=\"color: #ff0000;\"><b>9,9<\/b><\/span><b>\/ 10 [<a id=\"OWA79013bce-8c74-b1e2-90e3-3c01a323138e\" class=\"x_x_x_x_x_x_x_x_OWAAutoLink\" title=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-0501\" href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-0501\" data-auth=\"NotApplicable\">CVE-2026-0501<\/a>]<\/b><\/div>\n<\/li>\n<li>\n<div role=\"presentation\"><b>Remote code execution in SAP Wily Introscope Enterprise Manager (WorkStation)<u>\u00a0(<\/u><\/b><b><u><a id=\"OWA644157af-7a0c-ffbd-fd6b-28bbed6a02c0\" class=\"x_x_x_x_x_x_x_x_OWAAutoLink\" title=\"https:\/\/me.sap.com\/notes\/3668679\/E\" href=\"https:\/\/me.sap.com\/notes\/3668679\/E\" data-auth=\"NotApplicable\">3668679<\/a><\/u><\/b><b><u>)<\/u>: <\/b>Due to a critical remote code execution vulnerability, an unauthenticated attacker could craft a malicious JNLP (Java Network Launch Protocol) file and host it via a public URL. Once a victim accesses this URL, the Wily Introscope Server can be leveraged to execute arbitrary commands on the victim&#8217;s application environment. This exploit poses a severe risk as it could lead to a total compromise of the application&#8217;s confidentiality, integrity, and availability. <b>CVSS v3\u00a0Base Score <\/b><span style=\"color: #ff0000;\"><b>9,6<\/b><\/span><b>\/ 10 [<a id=\"OWA3ed0cec8-c0c4-f2ad-b64a-7de6ffc70438\" class=\"x_x_x_x_x_x_x_x_OWAAutoLink\" title=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-0500\" href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-0500\" data-auth=\"NotApplicable\">CVE-2026-0500<\/a>]<\/b><\/div>\n<\/li>\n<li>\n<div role=\"presentation\">Code Injection vulnerability in SAP S\/4HANA (Private Cloud and On-Premise)<b>\u00a0(<\/b><b><u><a id=\"OWAc5086565-9f43-e9af-3a91-90e26db661b5\" class=\"x_x_x_x_x_x_x_x_OWAAutoLink\" title=\"https:\/\/me.sap.com\/notes\/3694242\/E\" href=\"https:\/\/me.sap.com\/notes\/3694242\/E\" data-auth=\"NotApplicable\">3694242<\/a><\/u><\/b><b>): <\/b>SAP S\/4HANA (Private Cloud and On-Premise) allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code\/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system.<b>\u00a0CVSS v3\u00a0Base Score <\/b><span style=\"color: #ff0000;\"><b>9,1<\/b><\/span><b>\/ 10 [<a id=\"OWA9dbbadb6-3f3f-1664-3c0a-b6eea826eb97\" class=\"x_x_x_x_x_x_x_x_OWAAutoLink\" title=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-0498\" href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-0498\" data-auth=\"NotApplicable\">CVE-2026-0498<\/a>]<\/b><\/div>\n<\/li>\n<li>\n<div role=\"presentation\">Code Injection vulnerability in SAP Landscape Transformation<b>\u00a0<\/b><b>\u00a0(<\/b><b><a id=\"OWAfd773c5d-7607-c5ea-c219-cdd0b13da035\" class=\"x_x_x_x_x_x_x_x_OWAAutoLink\" title=\"https:\/\/me.sap.com\/notes\/3697979\/E\" href=\"https:\/\/me.sap.com\/notes\/3697979\/E\" data-auth=\"NotApplicable\">3697979<\/a><\/b><b>): <\/b>A security flaw in SAP Landscape Transformation allows an attacker with administrative privileges to exploit a vulnerability within a function module exposed via RFC. By leveraging this weakness, an unauthorized user can inject arbitrary ABAP code or OS commands into the system while bypassing critical authorization checks. This vulnerability essentially operates as a backdoor, posing a severe risk of a full system compromise the confidentiality, integrity, and availability of the entire environment. <b>CVSS v3\u00a0Base Score <\/b><span style=\"color: #ff0000;\"><b>9,1<\/b><\/span><b>\/ 10 [<a id=\"OWAd365b3d1-0e2f-36f2-7be2-1bb0b2be4d5d\" class=\"x_x_x_x_x_x_x_x_OWAAutoLink\" title=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-0491\" href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-0491\" data-auth=\"NotApplicable\">CVE-2026-0491<\/a>]<\/b><\/div>\n<\/li>\n<li>\n<div role=\"presentation\">Privilege escalation vulnerability in SAP HANA database<b>\u00a0(<\/b><b><a id=\"OWA4a645209-5603-e6fd-0cbc-e86f268ce9ab\" class=\"x_x_x_x_x_x_x_x_OWAAutoLink\" title=\"https:\/\/me.sap.com\/notes\/3691059\/E\" href=\"https:\/\/me.sap.com\/notes\/3691059\/E\" data-auth=\"NotApplicable\">3691059<\/a><\/b><b>): <\/b>SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid credentials of any user to switch to another user potentially gaining administrative access. This exploit could result in a total compromise of the system\u2019s confidentiality, integrity, and availability. <b>CVSS v3\u00a0Base Score <\/b><span style=\"color: #ff9900;\"><b>8,8<\/b><\/span><b>\/ 10 [<a id=\"OWAf1e170f9-66ab-edfc-2e14-4b08d3ab4101\" class=\"x_x_x_x_x_x_x_x_OWAAutoLink\" title=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-0492\" href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-0492\" data-auth=\"NotApplicable\">CVE-2026-0492<\/a>]<\/b><\/div>\n<\/li>\n<li>\n<div role=\"presentation\">OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK<b>\u00a0(<\/b><b><a id=\"OWA84bf8cc3-2eff-4bd6-94cf-a6d4c09b83bd\" class=\"x_x_x_x_x_x_x_x_OWAAutoLink\" title=\"https:\/\/me.sap.com\/notes\/3675151\/E\" href=\"https:\/\/me.sap.com\/notes\/3675151\/E\" data-auth=\"NotApplicable\">3675151<\/a><\/b><b>): <\/b>Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables execution of arbitrary operating system commands. Successful exploitation could lead to full compromise of the system\u2019s confidentiality, integrity, and availability. <b>CVSS v3\u00a0Base Score <\/b><span style=\"color: #ff9900;\"><b>8,4<\/b><\/span><b>\/ 10 [<a id=\"OWAb9f5c645-cff9-5ee5-079c-0c9dd8853b07\" class=\"x_x_x_x_x_x_x_x_OWAAutoLink\" title=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-0507\" href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-0507\" data-auth=\"NotApplicable\">CVE-2026-0507<\/a>]<\/b><\/div>\n<\/li>\n<li>\n<div role=\"presentation\">Multiple vulnerabilities in SAP Fiori App (Intercompany Balance Reconciliation)<b>\u00a0(<\/b><b><a id=\"OWA93fdd272-93e4-1809-52c8-9e3a9fd25620\" class=\"x_x_x_x_x_x_x_x_OWAAutoLink\" title=\"https:\/\/me.sap.com\/notes\/3565506\/E\" href=\"https:\/\/me.sap.com\/notes\/3565506\/E\" data-auth=\"NotApplicable\">3565506<\/a><\/b><b>): <\/b>SAP Fiori App Intercompany Balance Reconciliation does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has high impact on confidentiality and integrity of the application, availability is not impacted..<b>\u00a0CVSS v3\u00a0Base Score <\/b><span style=\"color: #ff9900;\"><b>8,1<\/b><\/span><b>\/\u00a010 [<a id=\"OWAda067e9a-f750-7611-cb1f-469ebdc853a0\" class=\"x_x_x_x_x_x_x_x_OWAAutoLink\" title=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-0511\" href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-0511\" data-auth=\"NotApplicable\">CVE-2026-0511<\/a>]<\/b><\/div>\n<\/li>\n<li>\n<div role=\"presentation\">Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform<b>\u00a0(<\/b><b><a id=\"OWAe5914a70-6e0a-fbf4-4864-23655bc33913\" class=\"x_x_x_x_x_x_x_x_OWAAutoLink\" title=\"https:\/\/me.sap.com\/notes\/3688703\/E\" href=\"https:\/\/me.sap.com\/notes\/3688703\/E\" data-auth=\"NotApplicable\">3688703<\/a><\/b><b>): <\/b>SAP Web Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines (FORMs) in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs and invoke system functionality exposed via FORMs, resulting in a high impact on integrity and availability, while confidentiality remains unaffected.<b>\u00a0CVSS v3\u00a0Base Score <\/b><span style=\"color: #ff9900;\"><b>8,1<\/b><\/span><b>\/ 10 [<a id=\"OWAa138b899-39af-ac58-4caa-039fb60bad17\" class=\"x_x_x_x_x_x_x_x_OWAAutoLink\" title=\"https:\/\/www.cve.org\/CVERecord\/SearchResults?query=CVE-2026-0506\" href=\"https:\/\/www.cve.org\/CVERecord\/SearchResults?query=CVE-2026-0506\" data-auth=\"NotApplicable\">CVE-2026-0506<\/a>]<\/b><\/div>\n<\/li>\n<\/ol>\n<h3 style=\"font-weight: 400;\"><strong>Reference links<\/strong><\/h3>\n<p>Other references, from SAP and Onapsis (january):<\/p>\n<p class=\"elementToProof\"><b><a id=\"OWAf7433760-91e9-6b30-6753-a9fcde075a23\" class=\"x_x_x_x_x_x_x_x_OWAAutoLink\" title=\"https:\/\/support.sap.com\/en\/my-support\/knowledge-base\/security-notes-news\/january-2026.html\" href=\"https:\/\/support.sap.com\/en\/my-support\/knowledge-base\/security-notes-news\/january-2026.html\" data-auth=\"NotApplicable\">SAP Security Patch Day &#8211; January 2026<\/a><\/b><\/p>\n<p class=\"elementToProof\"><b><a id=\"OWAe0887fd9-ebfd-a5e8-7685-7e6e6ef6d1b8\" class=\"x_x_x_x_x_x_x_OWAAutoLink\" title=\"https:\/\/onapsis.com\/blog\/patch-day-january-2026\/\" href=\"https:\/\/onapsis.com\/blog\/patch-day-january-2026\/\" data-auth=\"NotApplicable\">SAP Patch Day: January 2025 &#8211; Onapsis<\/a><\/b><\/p>\n<p>&nbsp;<\/p>\n<p><strong style=\"color: #014888; font-family: inherit; font-size: 1.6rem; letter-spacing: 0em;\"><u>Resources affected<\/u><\/strong><\/p>\n<div class=\"w-post-elm post_content\">\n<p>The full list of affected systems\/components is as follows:<\/p>\n<div role=\"presentation\">\n<ul>\n<li><b>SAP S\/4HANA Private Cloud and On-Premise (Financials \u2013 General Ledger) Version(s)\u00a0\u2013<\/b> \u00a0S4CORE 102, 103, 104, 105, 106, 107, 108, 109<\/li>\n<li><b>SAP Wily Introscope Enterprise Manager (WorkStation)\u00a0\u2013 <\/b>WILY_INTRO_ENTERPRISE 10.8<\/li>\n<li><b>SAP S\/4HANA (Private Cloud and On-Premise)\u00a0\u2013 <\/b>S4CORE 102, 103, 104, 105, 106, 107, 108, 109<\/li>\n<li><b>SAP Landscape Transformation \u2013<\/b> DMIS 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2018_1_752, 2020<\/li>\n<li><b>SAP HANA database\u00a0\u2013 <\/b>SAP HANA database HDB 2.00<\/li>\n<li>SAP Application Server for ABAP and SAP NetWeaver RFCSDK<b>\u00a0\u2013 <\/b>KRNL64UC 7.53, NWRFCSDK 7.50, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93, 9.16<\/li>\n<li><b>SAP Fiori App (Intercompany Balance Reconciliation)\u00a0\u2013<\/b> UIAPFI70 500, 600, 700, 800, 900, 901, 902, S4CORE 102, 103, 104, 105, 106, 107, 108<\/li>\n<li><b>SAP NetWeaver Application Server ABAP and ABAP Platform\u00a0\u2013<\/b> SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 816<\/li>\n<li><b>SAP ERP Central Component and SAP S\/4HANA (SAP EHS Management)\u00a0\u2013 <\/b>SAP_APPL 618, S4CORE 102, 103, 104, 105, 106, 107, 108, 109, EA-APPL 605, 606, 617<\/li>\n<li><b>SAP NetWeaver Enterprise Portal\u00a0\u2013 <\/b>EP-RUNTIME 7.50<\/li>\n<li><b>SAP Business Connector \u2013<\/b> SAP BC 4.8<\/li>\n<li><b>SAP Supplier Relationship Management (SICF Handler in SRM Catalog)\u00a0\u2013 <\/b>SRM_SERVER 700, 701, 702, 713, 714<\/li>\n<li><b>SAP Identity Management\u00a0\u2013 <\/b>DM_CLM_REST_API 8.0, IDMIC 8.0<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Inprosec through its services, such as the SAP Security Assessment, helps its customers to improve the security levels of their SAP systems. January 2026 Notes Monthly Summary and Highlights This month, a total of 17 notes were released, 3 more than in December 2025. Four Hot News notes were published, one more than in the&#8230;<\/p>\n","protected":false},"author":6,"featured_media":13865,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[95,61],"tags":[150],"class_list":["post-13863","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sap-notes","category-sap-security-en-2","tag-sap-notes"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.3 (Yoast SEO v27.4) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>SAP Security Notes, January 2026 - Inprosec<\/title>\n<meta name=\"description\" content=\"All updates to SAP systems notes from january 2026, to stay current and improve the security levels of your SAP systems.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SAP Security Notes, January 2026\" \/>\n<meta property=\"og:description\" content=\"All updates to SAP systems notes from january 2026, to stay current and improve the security levels of your SAP systems.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Inprosec\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-14T10:05:45+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-01-14T10:06:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2026\/01\/notas-sap-enero-2026.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Fernando Mosquera\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Fernando Mosquera\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2026\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2026\\\/\"},\"author\":{\"name\":\"Fernando Mosquera\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\"},\"headline\":\"SAP Security Notes, January 2026\",\"datePublished\":\"2026-01-14T10:05:45+00:00\",\"dateModified\":\"2026-01-14T10:06:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2026\\\/\"},\"wordCount\":1131,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2026\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/notas-sap-enero-2026.jpg\",\"keywords\":[\"SAP Notes\"],\"articleSection\":[\"SAP Notes\",\"SAP Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2026\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2026\\\/\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2026\\\/\",\"name\":\"SAP Security Notes, January 2026 - Inprosec\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2026\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2026\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/notas-sap-enero-2026.jpg\",\"datePublished\":\"2026-01-14T10:05:45+00:00\",\"dateModified\":\"2026-01-14T10:06:07+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\"},\"description\":\"All updates to SAP systems notes from january 2026, to stay current and improve the security levels of your SAP systems.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2026\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2026\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2026\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/notas-sap-enero-2026.jpg\",\"contentUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/notas-sap-enero-2026.jpg\",\"width\":1200,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-january-2026\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SAP Security Notes, January 2026\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/\",\"name\":\"Inprosec\",\"description\":\"Information security is our priority.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\",\"name\":\"Fernando Mosquera\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"caption\":\"Fernando Mosquera\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"SAP Security Notes, January 2026 - Inprosec","description":"All updates to SAP systems notes from january 2026, to stay current and improve the security levels of your SAP systems.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2026\/","og_locale":"en_US","og_type":"article","og_title":"SAP Security Notes, January 2026","og_description":"All updates to SAP systems notes from january 2026, to stay current and improve the security levels of your SAP systems.","og_url":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2026\/","og_site_name":"Inprosec","article_published_time":"2026-01-14T10:05:45+00:00","article_modified_time":"2026-01-14T10:06:07+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2026\/01\/notas-sap-enero-2026.jpg","type":"image\/jpeg"}],"author":"Fernando Mosquera","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Fernando Mosquera","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2026\/#article","isPartOf":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2026\/"},"author":{"name":"Fernando Mosquera","@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2"},"headline":"SAP Security Notes, January 2026","datePublished":"2026-01-14T10:05:45+00:00","dateModified":"2026-01-14T10:06:07+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2026\/"},"wordCount":1131,"commentCount":0,"image":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2026\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2026\/01\/notas-sap-enero-2026.jpg","keywords":["SAP Notes"],"articleSection":["SAP Notes","SAP Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2026\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2026\/","url":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2026\/","name":"SAP Security Notes, January 2026 - Inprosec","isPartOf":{"@id":"https:\/\/www.inprosec.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2026\/#primaryimage"},"image":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2026\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2026\/01\/notas-sap-enero-2026.jpg","datePublished":"2026-01-14T10:05:45+00:00","dateModified":"2026-01-14T10:06:07+00:00","author":{"@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2"},"description":"All updates to SAP systems notes from january 2026, to stay current and improve the security levels of your SAP systems.","breadcrumb":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2026\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2026\/#primaryimage","url":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2026\/01\/notas-sap-enero-2026.jpg","contentUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2026\/01\/notas-sap-enero-2026.jpg","width":1200,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-january-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inprosec.com\/en\/"},{"@type":"ListItem","position":2,"name":"SAP Security Notes, January 2026"}]},{"@type":"WebSite","@id":"https:\/\/www.inprosec.com\/en\/#website","url":"https:\/\/www.inprosec.com\/en\/","name":"Inprosec","description":"Information security is our priority.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inprosec.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2","name":"Fernando Mosquera","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","caption":"Fernando Mosquera"}}]}},"_links":{"self":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/13863","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/comments?post=13863"}],"version-history":[{"count":2,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/13863\/revisions"}],"predecessor-version":[{"id":13869,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/13863\/revisions\/13869"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/media\/13865"}],"wp:attachment":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/media?parent=13863"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/categories?post=13863"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/tags?post=13863"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}