CVE-2026-27677 — Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Reference Equipment), an attacker could update and delete child entities via OData services without proper authorization. T — CVE Database · The Intelligence Room