SAP’s June 2026 Security Patch package fixes 15 vulnerabilities, including four critical flaws in SAP NetWeaver and SAP Commerce Cloud that could enable authentication bypass, memory corruption, and directory traversal attacks. Organizations using these products should prioritize patching CVE-2026-44748 and CVE-2026-27671 due to their high severity and potential impact on enterprise environments. #SAPNetWeaver #SAPCommerceCloud #CVE-2026-44748 #CVE-2026-27671
Keypoints
- SAP released fixes for 15 vulnerabilities in its June 2026 patch package.
- Four critical flaws affect SAP NetWeaver and SAP Commerce Cloud.
- CVE-2026-44748 may allow authentication bypass in SAML-based environments.
- CVE-2026-27671 can be exploited without authentication to cause memory corruption.
- SAP also patched high-severity issues, including Tomcat flaws and a missing authorization check.