www.securityweek.com 7/14/2026, 11:31:35 AM · external

SAP patches memory corruption flaw in NetWeaver after Patch Day

SAP patches memory corruption flaw in NetWeaver after Patch Day
Developing story vulnerability 2 articles tracked
SAP patches critical memory corruption flaw in NetWeaver (CVE-2026-44747)
CyberSIXT Evidence Panel
Primary Source support.sap.com
CISA KEV Not in KEV
Patch Patch Status Unknown

SAP released 19 new and updated security notes on July 2026 security patch day, addressing critical vulnerabilities. The most significant flaw is CVE-2026-44747 (CVSS 9.9), a memory corruption issue in NetWeaver Application Server ABAP, allowing data access, modification, and system unavailability. Another critical vulnerability, CVE-2026-27690 (CVSS 9.1), involves HTTP request smuggling in Approuter, permitting unauthenticated access.

A hardcoded credential issue in Commerce Cloud (CVE-2026-44761, CVSS 9.1) could grant unauthorized data access. Users are urged to apply patches or disable affected ICF nodes temporarily. Additional updates addressed high-severity flaws across various SAP products, including Integration Suite and Commerce Cloud.

View Primary Source Via www.securityweek.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline