Heise.De
SAP Addresses Critical Vulnerabilities in Commerce Cloud and S/4HANA
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
On May 12, 2026, SAP released security updates for 15 vulnerabilities, including two critical flaws in Commerce Cloud and S/4HANA. The first critical vulnerability (CVE-2026-34263) allows unauthenticated attackers to execute arbitrary code due to a missing authentication check. The second critical flaw (CVE-2026-34260) enables attackers with basic privileges to perform SQL injection attacks, potentially accessing sensitive database information or crashing the application. SAP's advisory also includes fixes for one high-severity and 11 medium-severity issues. While no exploitation of these vulnerabilities has been confirmed, CISA has previously cataloged similar SAP vulnerabilities as exploited in the wild. Organizations using affected SAP products are urged to apply the patches promptly.
Key Points: • SAP released patches for 15 vulnerabilities, including two critical flaws. • CVE-2026-34263 allows unauthenticated code execution in Commerce Cloud. • CVE-2026-34260 enables SQL injection attacks in S/4HANA, risking data exposure.