SecurityWeek ·EN-US News source Patch releasedNetWeaver Application Server ABAPApprouterCommerce Cloud
SAP Patches Critical Vulnerabilities in NetWeaver, Approuter, Commerce Cloud
CVE Tools coverage
SAP has issued urgent security updates to fix several high-risk vulnerabilities affecting its core enterprise platforms. Among the most severe is CVE-2026-44747, a memory corruption flaw in NetWeaver Application Server ABAP with a CVSS score of 9.9. Attackers could exploit this to manipulate data or disrupt services. A separate HTTP request smuggling vulnerability (CVE-2026-27690) impacts Approuter, allowing unauthenticated attackers to send malicious requests. Additionally, a hardcoded credential issue in Commerce Cloud (CVE-2026-44761) could enable unauthorized access if default configurations are left unchanged. SAP urges users to apply the latest patches immediately.