The Hacker News ·EN News source Patch releasedNetWeaver Application Server ABAPApprouterCommerce Cloud
SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data
CVE Tools coverage
SAP has issued security updates for multiple high-severity vulnerabilities discovered in its products during the July 2026 patch cycle. Among them is CVE-2026-44747, a critical out-of-bounds write flaw in the SAP NetWeaver Application Server ABAP with a CVSS score of 9.9. This flaw could allow an authenticated attacker to manipulate memory and potentially gain unauthorized access to or modify sensitive data. Two additional critical issues were also resolved: a request smuggling vulnerability in SAP Approuter (CVE-2026-27690) and a default credentials issue in SAP Commerce Cloud (CVE-2026-44761). While no active exploitation has been reported, SAP urges users to apply the latest patches immediately to mitigate potential risks.