logo

SAP Security Patch Day June 2026: Critical CVE-2026-44748 SAML Flaw Could Allow Full Authentication Bypass

ID: a30ce81d-aa36-5b28-9e52-81a183bc740b

STIX ID: report--a30ce81d-aa36-5b28-9e52-81a183bc740b

Feed Name: SOCRadar Blog

Threat Score
80/100

Date Published: 2026-06-10

Date Updated: 2026-06-11

Author: Ameer Owda

...
...

SAP’s June 2026 Security Patch Day published 15 Security Notes addressing high-impact vulnerabilities across SAP products, including four critical issues: a SAML XML Signature Wrapping authentication bypass (CVE-2026-44748, CVSS 9.9), an unauthenticated memory corruption/RFC-based kernel flaw (CVE-2026-27671, CVSS 9.8), a Spring Security headers flaw affecting Commerce Cloud/Data Hub (CVE-2026-22732, CVSS 9.1), and a directory traversal in the Java web container (CVE-2026-40128, CVSS 9.0); SAP recommends applying vendor patches (workarounds are limited for some products) due to broad impact and high severity.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.