CVE Tools
Back to feed
SecurityWeek ·EN-US News source Patch releasedNetWeaver Application Server ABAPApprouterCommerce Cloud

SAP Patches Critical Vulnerabilities in NetWeaver, Approuter, Commerce Cloud

By Ionut Arghire··2 min read
CVE Tools coverage

SAP has issued urgent security updates to fix several high-risk vulnerabilities affecting its core enterprise platforms. Among the most severe is CVE-2026-44747, a memory corruption flaw in NetWeaver Application Server ABAP with a CVSS score of 9.9. Attackers could exploit this to manipulate data or disrupt services. A separate HTTP request smuggling vulnerability (CVE-2026-27690) impacts Approuter, allowing unauthenticated attackers to send malicious requests. Additionally, a hardcoded credential issue in Commerce Cloud (CVE-2026-44761) could enable unauthorized access if default configurations are left unchanged. SAP urges users to apply the latest patches immediately.