CyberSecurityNews

SAP Security Update July 2026


SAP has released its July 2026 Security Patch Day updates, addressing a critical memory corruption vulnerability in the SAP NetWeaver Application Server ABAP.

The most severe issue, tracked as CVE-2026-44747, has a CVSS score of 9.9 and affects multiple SAP kernel versions used in enterprise environments.

On July 14, SAP published 16 new security notes and one GitHub security advisory, along with three updates to previously released notes. Administrators are urged to review the affected systems and apply the fixes as a priority through the SAP Support Portal.

The critical NetWeaver ABAP flaw is outlined in SAP Security Note 3747367. CVE-2026-44747 is described as a memory corruption vulnerability that can occur when an application improperly handles memory operations.

This could potentially allow an attacker to change program execution, access sensitive information, crash services, or execute malicious code under certain conditions.

The vulnerability impacts several SAP kernel and NetWeaver versions, including KRNL64NUC and KRNL64UC 7.22 and 7.22EXT, as well as kernel versions 7.53, 7.54, 7.77, 7.89, 7.93, 9.16, 9.18, 9.19, and 9.20.

Organizations should verify the specific software components and patch levels in their SAP landscape before applying the correction.

The assigned CVSS vector indicates that exploitation is network-based, requires low attack complexity, and demands low privileges, with no user interaction needed.

SAP Security Update July 2026

Successful exploitation could significantly impact confidentiality, integrity, and availability. Additionally, the attack scope has changed, meaning a compromised component may affect resources beyond its original security boundary.

SAP’s July Patch Day also addresses two other critical vulnerabilities. CVE-2026-27690 is an HTTP request smuggling flaw in SAP Approuter versions earlier than 20.10.0, rated 9.1.

Attackers may exploit request smuggling to bypass front-end security controls or interfere with how back-end systems process HTTP requests.

Another critical issue, CVE-2026-44761, affects SAP Commerce Cloud releases HY_COM 2205, COM_CLOUD 2211, and 2211-JDK21.

This flaw stems from insecure sample credentials and has a CVSS score of 9.1. Default, exposed, or inadequately protected credentials can enable unauthorized access to affected environments.

SAP also updated its June security note for CVE-2026-40128, a directory traversal vulnerability in the SAP NetWeaver Application Server Java Web Container.

This vulnerability carries a CVSS score of 9.0. It may allow attackers to access or modify files outside of an intended directory path.

Security teams should prioritize SAP Note 3747367, validate kernel compatibility, test patches in non-production environments, and schedule accelerated deployment for internet-facing or business-critical NetWeaver instances.

SAP NoteCVEVulnerabilityAffected ProductPriorityCVSS
3747367CVE-2026-44747Memory CorruptionSAP NetWeaver Application Server ABAPCritical9.9
3720138CVE-2026-27690HTTP Request SmugglingSAP ApprouterCritical9.1
3753495CVE-2026-44761Insecure Sample CredentialsSAP Commerce CloudCritical9.1
3727078CVE-2026-40128Directory TraversalSAP NetWeaver AS Java Web ContainerCritical9.0
3758101CVE-2026-40860, CVE-2026-40453, CVE-2026-33454Multiple Apache Camel vulnerabilitiesSAP Integration Suite Edge Integration CellHigh8.8
3692165CVE-2026-0487DLL HijackingSAProuter for Microsoft WindowsHigh8.4
3748227CVE-2026-44752Cross-Site ScriptingSAP NetWeaver AS Java Configuration WizardHigh8.2
3741519CVE-2026-44745Open RedirectSAP ApprouterHigh8.1
3763800CVE-2026-43512, CVE-2026-41293, CVE-2026-43515Multiple Apache Tomcat vulnerabilitiesSAP Commerce CloudHigh8.1
3773304CVE-2026-58233Remote Code ExecutionSAP Change and Transport System Attach Tool (ctsattach)High7.6
3746678CVE-2026-44759Cross-Site ScriptingSAP NetWeaver Enterprise PortalMedium6.1
GHSA-p8gx-753q-v89pCVE-2026-44767Allowlist Bypass / Cross-Origin CSS InjectionUI5 Web Components BaseMedium6.1
3537373CVE-2026-44769SQL InjectionSAP S/4HANA Project Management (PPM-PRO)Medium5.5
3754659CVE-2026-44760Cross-Site ScriptingSAP NetWeaver AS ABAP Business Server PagesMedium4.7
3515598CVE-2026-44771Missing Authorization CheckSAP S/4HANA Draft OperationMedium4.3
3713902CVE-2026-44770Missing Authorization CheckSAP S/4HANA Create Single PaymentMedium4.3
3682699CVE-2026-24315Path TraversalSAP Fiori LaunchpadMedium4.2
3155685CVE-2026-44768Security MisconfigurationSAP CRM WebClient UIMedium4.1
3732522CVE-2026-44753Information DisclosureSAP HANA Extended Application Services, classic modelLow3.7
3726899CVE-2025-68161Potential Apache Log4j library vulnerabilitySAP NetWeaver AS JavaLow3.3

They should also restrict unnecessary network access to SAP application servers, review privileged accounts, monitor system logs for abnormal activity, and ensure backups are available before maintenance.

SAP Security Patch Days provide the vendor’s regular channel for publishing corrective Security Notes, and SAP recommends that customers review and implement relevant notes to protect their SAP landscapes.

 Strengthen Your SOC by Accelerating Threat Detection & Rapid Investigations. -> Integrate ANY.RUN With Your SOC Now.



Source link