[CIAD-2026-0034] Multiple Vulnerabilities in SAP Products

By Published On: July 16, 2026

—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256


Multiple Vulnerabilities in SAP Products


Indian – Computer Emergency Response Team (https://www.cert-in.org.in)


Severity Rating: High


Software Affected


SAP S/4HANA including Project Management (PPM-PRO), Draft Operation, and Create Single Payment 

SAP NetWeaver Application Server (ABAP and Java) including Business Server Pages, Web Container, and Configuration Wizard 

SAP NetWeaver Enterprise Portal 

SAP Commerce Cloud 

SAP Approuter Library 

SAP Integration Suite (Edge Integration Cell) 

SAProuter (Microsoft Windows) 

SAP Change and Transport System (CTS) Attach Tool (ctsattach) 

SAP Fiori (Launchpad) 

SAP CRM (WebClient UI) 

SAP HANA Extended Application Services (XS Classic Model – User Self Service) 

UI5 Web Components Base (ui5/webcomponents-base)

Overview


Multiple vulnerabilities have been reported in SAP products which could allow an attacker to execute arbitrary code, perform HTTP request smuggling, SQL injection, cross-site scripting (XSS), open redirect, directory traversal, and DLL hijacking attacks, disclose sensitive information, bypass authorization checks, exploit security misconfigurations, or cause denial-of-service (DoS) conditions on the targeted system.


Target Audience:

SAP Basis administrators, SAP system administrators, SAP security teams, IT infrastructure teams, SAP application administrators, and developers managing or supporting affected SAP products and components.


Risk Assessment:

High risk of unauthorized access, execution of arbitrary code or commands, disclosure of sensitive information, authentication and authorization bypass, and compromise of affected SAP systems.


Impact Assessment:

Potential remote code execution, unauthorized access, information disclosure, data compromise, and disruption of affected SAP systems.


Description


Multiple vulnerabilities have been reported in SAP products.


Solution


Apply appropriate fixes as mentioned in SAP Security Advisory:   

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2026.html


Vendor Information


SAP

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2026.html


References


SAP

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2026.html


CVE Name

CVE-2026-44747

CVE-2026-27690

CVE-2026-44761

CVE-2026-40128

CVE-2026-40860

CVE-2026-40453

CVE-2026-33454

CVE-2026-0487

CVE-2026-44752

CVE-2026-44745

CVE-2026-43512

CVE-2026-41293

CVE-2026-43515

CVE-2026-58233

CVE-2026-44759

CVE-2026-44767

CVE-2026-44769

CVE-2026-44760

CVE-2026-44771

CVE-2026-44770

CVE-2026-24315

CVE-2026-44768

CVE-2026-44753

CVE-2025-68161




– —


Thanks and Regards,

CERT-In


Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS


Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–


iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmpY77sACgkQ3jCgcSdc

ys88LQ/9EaCE9skZoW+lLpkhRsHAKZS3BUGMazzbHVXh/8DU8szbqVb086eZst6O

/yZor9YhRiTkYA0QXaC1qrzFLm6o/x/N/uodB2QCvaZoTTpqR+JT4Tot7GEezguL

fl11c0t6pKMbeM+47rXcUyxLb0TuzWEYVOsEWhOErBM96HjgqxV9YbHiPVhcNvKk

C0R4iBGWInHnka6TIjHyQ+d1N0oKnT/UnFBaFvKVS+iM1a7TaRqVel6TKAh/lmVb

qjNFiM+VNGLYkqrfTVZFwqJ09m96lBok5hwsXkL9Bm2AD/aZQUxyL/RVnGapYEGy

hnlS40O+RFzuIvixUkDjYo/kG31iZJcyhe+qPKxv8kr7hiAcsMHXilFyzyVq5lc0

oiYta0IBssVg5JPy1AkbrhOpkXTBJgDcCaX+5XMlE2b/+ynXgMsfyLryVWUgoxmN

eHe6iw2FMiQ+vyZ2PNTKCrucz4C3yGfPdDP7BKYoddBFIIVQkgm+Va/00L/MYarp

LS3o4eZhl3RV7QwxsAj2hXMDCi6D1NeJzKtdASHH6OeqxzFT05zpIkxz/ydsWW0Y

F6eGkplzAkGSdf2T3v4DwLx7e2RXJ20Z7GI9aP4MUaqCW/OtSDoMlVadeva9BIFY

GYh57X5aQs9BEPqmUc7UPdbcnqDVR1tZ4MNCq+SOxZPQkZqyOkE=

=LumA

—–END PGP SIGNATURE—–

Share this article