SAP warns of critical flaws in NetWeaver and Commerce Cloud

SAP warns of critical flaws in NetWeaver and Commerce Cloud
SAP’s July 2026 security updates address 16 vulnerabilities across multiple products, including critical flaws in NetWeaver AS ABAP, SAP Approuter, and SAP Commerce Cloud. Although SAP has no evidence of active exploitation yet, several of the patched issues could enable memory corruption, request smuggling, unauthorized access, and data modification. #SAPNetWeaver #SAPApprouter #SAPCommerceCloud #CVE-2026-44747 #CVE-2026-27690 #CVE-2026-44761

Keypoints

  • SAP patched 16 vulnerabilities in its July 2026 security updates.
  • Three critical flaws affect NetWeaver, Approuter, and Commerce Cloud.
  • CVE-2026-44747 could lead to memory corruption and system unavailability.
  • CVE-2026-27690 enables HTTP Request Smuggling in SAP Approuter.
  • CVE-2026-44761 may let attackers use default credentials to access Commerce Cloud APIs.

Read More: https://www.bleepingcomputer.com/news/security/sap-warns-of-critical-flaws-in-netweaver-and-commerce-cloud/