logo

SAP warns of critical flaws in NetWeaver and Commerce Cloud

ID: 4ac32158-0168-5880-a8c7-3d70c56c5aa3

STIX ID: report--4ac32158-0168-5880-a8c7-3d70c56c5aa3

Feed Name: Bleeping Computer

Threat Score
70/100

Date Published: 2026-07-14

Date Updated: 2026-07-15

Author: Sergiu Gatlan

...
...

SAP released July 2026 security updates fixing 16 vulnerabilities—three critical (NetWeaver memory corruption CVE-2026-44747, AppRouter HTTP request smuggling CVE-2026-27690, and Commerce Cloud default-credentials CVE-2026-44761)—alongside multiple high and medium severity fixes; there is no evidence the newly patched issues have been exploited, though past supply-chain compromises and CISA Known Exploited Vulnerabilities entries increase risk for affected organizations.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.