SAP Addresses Critical Vulnerabilities in July 2026 Security Updates

SAP Addresses Critical Vulnerabilities in July 2026 Security Updates

First seen 14 Jul 2026, 14:06 UTC Heise.DeCybersecuritynewsBleepingcomputerThehackernewsCsa.Sg+2 88% similarity 74.0

Article Content

Browse articles
ThreatCluster

SAP has released security updates addressing 16 vulnerabilities, including three critical flaws in its NetWeaver, Commerce Cloud, and AppRouter products. The most severe, CVE-2026-44747, allows authenticated attackers to exploit memory management errors in NetWeaver, potentially leading to unauthorized data access and system downtime. CVE-2026-27690 is an HTTP Request Smuggling vulnerability in AppRouter that could enable unauthenticated attackers to disrupt services. CVE-2026-44761 in Commerce Cloud allows attackers to exploit default credentials to access sensitive data. Other vulnerabilities include high-severity issues related to DLL hijacking and cross-site scripting. SAP has not confirmed any active exploitation of these vulnerabilities. IT managers are advised to apply the updates promptly to mitigate risks. This follows a similar patching effort in June 2026, which addressed 15 vulnerabilities.

Key Points: • SAP patched 16 vulnerabilities, including three critical flaws affecting key products. • CVE-2026-44747 allows unauthorized data access through memory corruption in NetWeaver. • CVE-2026-44761 exposes Commerce Cloud to attacks via default OAuth2 credentials.

ThreatCluster AI

Timeline

2026-04-27
CVE-2026-40453 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-04-27
CVE-2026-33454 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-05-12
CVE-2026-41293 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-05-12
CVE-2026-43512 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-05-12
CVE-2026-43515 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-06-14
SAP patches 15 vulnerabilities
SAP's June security updates addressed 15 vulnerabilities, including critical ones.
Bleepingcomputer
2026-07-14
SAP releases July 2026 security updates
SAP addresses 16 vulnerabilities, including three critical flaws in NetWeaver, Commerce Cloud, and AppRouter.
Heise.De
2026-07-14
CVE-2026-44747 published
Memory corruption vulnerability in SAP NetWeaver allows unauthorized data access and system unavailability.
nvd.nist.gov
2026-07-14
CVE-2026-27690 published
HTTP Request Smuggling vulnerability in SAP Approuter enables unauthenticated attackers to disrupt services.
nvd.nist.gov
2026-07-14
CVE-2026-44761 published
Default credentials in SAP Commerce Cloud allow attackers to access sensitive data via APIs.
nvd.nist.gov

Community

Browse all →