CVE-2026-40136 — SAP Financial Consolidation allows an authenticated

May 12, 2026 06:16 /MEDIUM /CVSS 4.3/10

Written by SCW Vulnerability Desk Vulnerability Intelligence

National Vulnerability Database vulnerabilitycvemedium-severitycwe-404

CVE-2026-40136 — SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions temporarily preventing access. However, the application itself cannot be compromised resulting in a low impact on availability. There is no impact on confidentiality

What This Means For You

If your environment is affected by CWE-404, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-40136 updates and patches.

Related ATT&CK Techniques

T1499 Endpoint Denial of Service Impact

🛡️ Detection Rules

2 rules · 6 SIEM formats

2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

medium T1499 Defense Evasion

SAP Financial Consolidation User Session Termination - CVE-2026-40136

Sigma YAML — free preview

title: SAP Financial Consolidation User Session Termination - CVE-2026-40136
id: scw-2026-05-12-ai-1
status: experimental
level: medium
description: |
  Detects the specific API endpoint used by authenticated attackers to terminate other users' sessions in SAP Financial Consolidation, as described in CVE-2026-40136. This action temporarily prevents access for other users.
author: SCW Feed Engine (AI-generated)
date: 2026-05-12
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-40136/
tags:
  - attack.defense_evasion
  - attack.t1499
logsource:
    category: webserver
detection:
  selection:
      cs-uri:
          - '/sap/finc/consolidation/session/terminate'
      cs-method:
          - 'POST'
      sc-status:
          - '200'
      condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

ID	Type	Indicator
CVE-2026-40136	vulnerability	CVE-2026-40136
CWE-404	weakness	CWE-404

Written by SCW Vulnerability Desk

Source & Attribution

Source Platform	NVD
Channel	National Vulnerability Database
Published	May 12, 2026 at 06:16 UTC

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

What This Means For You

Related ATT&CK Techniques

🛡️ Detection Rules

SAP Financial Consolidation User Session Termination - CVE-2026-40136

Indicators of Compromise

Related coverage

CVE-2026-40137 — SAP TAF_APPLAUNCHER within Business Server Pages allows an

CVE-2026-40135 — Command Injection

CVE-2026-40134 — Due to insufficient authorization checks in the SAP