SAP’s July 2026 security updates fix multiple critical flaws, including CVE-2026-44747 in SAP NetWeaver Application Server ABAP, which could lead to memory corruption and unauthorized access. The patch set also addresses request smuggling in SAP Approuter and default-credential exposure in SAP Commerce Cloud tied to sample OAuth 2.0 client settings from SAP Help Portal documentation. #SAPNetWeaver #SAPApprouter #SAPCommerceCloud #CVE-2026-44747 #CVE-2026-27690 #CVE-2026-44761
Keypoints
- SAP released July 2026 updates for multiple critical vulnerabilities.
- CVE-2026-44747 affects SAP NetWeaver Application Server ABAP with a 9.9 CVSS score.
- CVE-2026-27690 enables HTTP request and response smuggling in SAP Approuter.
- CVE-2026-44761 involves default credentials in SAP Commerce Cloud sample OAuth 2.0 clients.
- Customers should remove sample clients or replace hard-coded secrets and apply the latest patches.
Read More: https://thehackernews.com/2026/07/sap-patches-cvss-99-netweaver-abap-flaw.html