SAP’s July 2026 security updates address 16 vulnerabilities across multiple products, including critical flaws in NetWeaver AS ABAP, SAP Approuter, and SAP Commerce Cloud. Although SAP has no evidence of active exploitation yet, several of the patched issues could enable memory corruption, request smuggling, unauthorized access, and data modification. #SAPNetWeaver #SAPApprouter #SAPCommerceCloud #CVE-2026-44747 #CVE-2026-27690 #CVE-2026-44761
Keypoints
- SAP patched 16 vulnerabilities in its July 2026 security updates.
- Three critical flaws affect NetWeaver, Approuter, and Commerce Cloud.
- CVE-2026-44747 could lead to memory corruption and system unavailability.
- CVE-2026-27690 enables HTTP Request Smuggling in SAP Approuter.
- CVE-2026-44761 may let attackers use default credentials to access Commerce Cloud APIs.