Bleepingcomputer
SAP Addresses Critical Vulnerabilities in July 2026 Security Updates
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
SAP has released security updates addressing 16 vulnerabilities, including three critical flaws in its NetWeaver, Commerce Cloud, and AppRouter products. The most severe, CVE-2026-44747, allows authenticated attackers to exploit memory management errors in NetWeaver, potentially leading to unauthorized data access and system downtime. CVE-2026-27690 is an HTTP Request Smuggling vulnerability in AppRouter that could enable unauthenticated attackers to disrupt services. CVE-2026-44761 in Commerce Cloud allows attackers to exploit default credentials to access sensitive data. Other vulnerabilities include high-severity issues related to DLL hijacking and cross-site scripting. SAP has not confirmed any active exploitation of these vulnerabilities. IT managers are advised to apply the updates promptly to mitigate risks. This follows a similar patching effort in June 2026, which addressed 15 vulnerabilities.
Key Points: • SAP patched 16 vulnerabilities, including three critical flaws affecting key products. • CVE-2026-44747 allows unauthorized data access through memory corruption in NetWeaver. • CVE-2026-44761 exposes Commerce Cloud to attacks via default OAuth2 credentials.