[Vulnerability Alert] Critical Security Vulnerability Found in SAP NetWeaver Enterprise Portal Administration (CVE-2026-27685)

• Subject Explanation: [Vulnerability Alert] Critical Security Vulnerability Found in SAP NetWeaver Enterprise Portal Administration (CVE-2026-27685)

• Content Description:
  • Forwarding Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) Security Alert TWCERTCC-200-202603-00000008
  • SAP released a critical security advisory for its SAP NetWeaver Enterprise Portal Administration product (CVE-2026-27685, CVSS: 9.1). This allows a privileged attacker to upload untrusted or malicious content, which, upon deserialization by the system, may impact the confidentiality, integrity, and availability of the host system.
• Impacted Platforms:
  • SAP NetWeaver Enterprise Portal Administration Version(s) - EP-RUNTIME 7.50
• Suggested Measures:
  • Please patch according to the solutions released on the official website: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/march-2026.html
• References:
  1. https://www.twcert.org.tw/tw/cp-169-10757-ddbaa-1.html

Computer and Communication Center
Network Systems Division