【Vulnerability Alert】SAP Releases Major Security Advisories for Multiple Products
Subject: 【Vulnerability Alert】SAP Releases Major Security Advisories for Multiple Products
Description:
Forwarded from the Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) security alert TWCERTCC-200-202607-00000008.
【CVE-2026-44747, CVSS: 9.9】 SAP NetWeaver Application Server ABAP allows an authenticated attacker to exploit a logic error in memory management to cause memory corruption, leading to unauthorized data access, modification, or system unavailability.
【CVE-2026-27690, CVSS: 9.1】 An HTTP Request Smuggling vulnerability exists in SAP Approuter. An unauthenticated attacker can send specially crafted HTTP requests, leading to request-response desynchronization, which may leak user response data and result in system unavailability.
【CVE-2026-44761, CVSS: 9.1】 SAP Commerce Cloud may retain sample OAuth2 clients containing publicly documented sample credentials, which originate from sample configurations provided in the SAP Help Portal documentation. An unauthenticated attacker can exploit these public credentials to obtain valid tokens and call certain APIs to read and modify data.