CYBERSIXT Signal Over Noise
securityonline.info 6/9/2026, 8:41:48 AM · external

SAP SAML bug lets attackers bypass login, urgent patch called for

SAP SAML bug lets attackers bypass login, urgent patch called for
CyberSIXT Evidence Panel
Primary Source support.sap.com
CVE Intel
CVE-2026-44748 - NVD Not in KEV 9.9 CRITICAL Patch Unknown
CVE-2026-27671 - NVD Not in KEV 9.8 CRITICAL Patch Unknown
CVE-2026-40128 - NVD Not in KEV 9 CRITICAL Patch Unknown
CISA KEV Not in KEV
Patch Patch Status Unknown

THE page discusses critical vulnerabilities highlighted during the June 2026 SAP security patch day. Key threats include CVE-2026-44748, which relates to an XML signature wrapping issue in SAML authentication, allowing unauthorized access potentially leading to tampering of identity data (CVSS score of 9.9). Other notable vulnerabilities are CVE-2026-27671, a memory corruption flaw in the ABAP kernel, and CVE-2026-40128, a directory traversal vulnerability in the Java Web Container. The page emphasizes the urgent need for system administrators to apply the latest patches to secure enterprise systems against these exploits.

View Primary Source Via securityonline.info

Article by CyberSIXT