SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data

SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data
SAP’s July 2026 security updates fix multiple critical flaws, including CVE-2026-44747 in SAP NetWeaver Application Server ABAP, which could lead to memory corruption and unauthorized access. The patch set also addresses request smuggling in SAP Approuter and default-credential exposure in SAP Commerce Cloud tied to sample OAuth 2.0 client settings from SAP Help Portal documentation. #SAPNetWeaver #SAPApprouter #SAPCommerceCloud #CVE-2026-44747 #CVE-2026-27690 #CVE-2026-44761

Keypoints

  • SAP released July 2026 updates for multiple critical vulnerabilities.
  • CVE-2026-44747 affects SAP NetWeaver Application Server ABAP with a 9.9 CVSS score.
  • CVE-2026-27690 enables HTTP request and response smuggling in SAP Approuter.
  • CVE-2026-44761 involves default credentials in SAP Commerce Cloud sample OAuth 2.0 clients.
  • Customers should remove sample clients or replace hard-coded secrets and apply the latest patches.

Read More: https://thehackernews.com/2026/07/sap-patches-cvss-99-netweaver-abap-flaw.html