SAP Security Patch Day June 2026: Critical CVE-2026-44748 SAML Flaw Could Allow Full Authentication Bypass
ID: a30ce81d-aa36-5b28-9e52-81a183bc740b
STIX ID: report--a30ce81d-aa36-5b28-9e52-81a183bc740b
Feed Name: SOCRadar Blog
SAP’s June 2026 Security Patch Day published 15 Security Notes addressing high-impact vulnerabilities across SAP products, including four critical issues: a SAML XML Signature Wrapping authentication bypass (CVE-2026-44748, CVSS 9.9), an unauthenticated memory corruption/RFC-based kernel flaw (CVE-2026-27671, CVSS 9.8), a Spring Security headers flaw affecting Commerce Cloud/Data Hub (CVE-2026-22732, CVSS 9.1), and a directory traversal in the Java web container (CVE-2026-40128, CVSS 9.0); SAP recommends applying vendor patches (workarounds are limited for some products) due to broad impact and high severity.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
