Summary
Key Points:
- SAP has released fixes for 15 vulnerabilities, including four critical flaws in SAP NetWeaver and SAP Commerce Cloud.
- The critical vulnerabilities include CVE-2026-44748, which allows authenticated attackers to tamper with identity information, and CVE-2026-27671, which allows unauthenticated attackers to trigger memory corruption via crafted RFC requests.
- Organizations using affected products should prioritize patching the identified vulnerabilities immediately to mitigate risks of unauthorized access and system disruption.
Technical Details: CVE-2026-44748 allows an attacker with normal privileges to send modified signed XML documents, potentially leading to unauthorized access. CVE-2026-27671 can be exploited without authentication, causing memory corruption.
MITRE ATT&CK Techniques: None mentioned
IOCs Mentioned: None mentioned