9.9 CRITICAL

SAP fixes critical flaws in NetWeaver and Commerce Cloud

📅 9 June 2026 at 19:36 UTC | 📰 Bleeping Computer

SAP has released fixes for 15 vulnerabilities as part of its June 2026 Security Patch package, including four critical-severity flaws affecting SAP NetWeaver and SAP Commerce Cloud. [...]

🤖 AI Briefing: Auto-generated threat analysis
🔍 Threat Overview

SAP has released fixes for 15 vulnerabilities, including four critical-severity flaws in NetWeaver and Commerce Cloud, which could allow attackers to bypass authentication, exploit memory corruption, or manipulate HTTP headers.

⚙️ Technical Details
💥 Impact Assessment
Severity: Critical
🛡️ Recommended Actions
1. Apply patches to SAP NetWeaver and Commerce Cloud as soon as possible
2. Disable SAML authentication until the vulnerability is patched
3. Monitor for suspicious activity in HTTP logs
📦 Affected Products
VMware Spring Security, Apache Tomcat, Apache Tomcat Native, SAP NetWeaver, SAP Commerce Cloud
🔐 NVD Verified Data (VERIFIED)

CVE-2026-44748 (CVSS 9.9, CRITICAL)
Attack Vector: NETWORK
Complexity: LOW
Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Weaknesses: CWE-347

CVE-2026-27671 (CVSS 9.8, CRITICAL)
Attack Vector: NETWORK
Complexity: LOW
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses: CWE-121

CVE-2026-22732 (CVSS 9.1, CRITICAL)
Attack Vector: NETWORK
Complexity: LOW
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Weaknesses: CWE-425
Affected Products (CPE): VMware Spring Security

CVE-2026-40128 (CVSS 9, CRITICAL)
Attack Vector: NETWORK
Complexity: HIGH
Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Weaknesses: CWE-35

CVE-2026-29145 (CVSS 9.1, CRITICAL)
Attack Vector: NETWORK
Complexity: LOW
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Weaknesses: CWE-287
Affected Products (CPE): Apache Tomcat, Apache Tomcat Native

This is a curated summary. The complete article is available at Bleeping Computer.
