[Vulnerability Alert] Critical Security Vulnerability Found in SAP NetWeaver Enterprise Portal Administration (CVE-2026-27685)

Date Posted: 2026/03/19

Subject Explanation: [Vulnerability Alert] Critical Security Vulnerability Found in SAP NetWeaver Enterprise Portal Administration (CVE-2026-27685)

Content Description:
- Forwarding Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) Security Alert TWCERTCC-200-202603-00000008
- SAP released a critical security advisory for its SAP NetWeaver Enterprise Portal Administration product (CVE-2026-27685, CVSS: 9.1). This allows a privileged attacker to upload untrusted or malicious content, which, upon deserialization by the system, may impact the confidentiality, integrity, and availability of the host system.
Impacted Platforms:
- SAP NetWeaver Enterprise Portal Administration Version(s) - EP-RUNTIME 7.50
Suggested Measures:
- Please patch according to the solutions released on the official website: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/march-2026.html
References:
1. https://www.twcert.org.tw/tw/cp-169-10757-ddbaa-1.html

Computer and Communication Center
Network Systems Division