
[CIAD-2026-0034] Multiple Vulnerabilities in SAP Products
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
Multiple Vulnerabilities in SAP Products
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: High
Software Affected
SAP S/4HANA including Project Management (PPM-PRO), Draft Operation, and Create Single Payment
SAP NetWeaver Application Server (ABAP and Java) including Business Server Pages, Web Container, and Configuration Wizard
SAP NetWeaver Enterprise Portal
SAP Commerce Cloud
SAP Approuter Library
SAP Integration Suite (Edge Integration Cell)
SAProuter (Microsoft Windows)
SAP Change and Transport System (CTS) Attach Tool (ctsattach)
SAP Fiori (Launchpad)
SAP CRM (WebClient UI)
SAP HANA Extended Application Services (XS Classic Model – User Self Service)
UI5 Web Components Base (ui5/webcomponents-base)
Overview
Multiple vulnerabilities have been reported in SAP products which could allow an attacker to execute arbitrary code, perform HTTP request smuggling, SQL injection, cross-site scripting (XSS), open redirect, directory traversal, and DLL hijacking attacks, disclose sensitive information, bypass authorization checks, exploit security misconfigurations, or cause denial-of-service (DoS) conditions on the targeted system.
Target Audience:
SAP Basis administrators, SAP system administrators, SAP security teams, IT infrastructure teams, SAP application administrators, and developers managing or supporting affected SAP products and components.
Risk Assessment:
High risk of unauthorized access, execution of arbitrary code or commands, disclosure of sensitive information, authentication and authorization bypass, and compromise of affected SAP systems.
Impact Assessment:
Potential remote code execution, unauthorized access, information disclosure, data compromise, and disruption of affected SAP systems.
Description
Multiple vulnerabilities have been reported in SAP products.
Solution
Apply appropriate fixes as mentioned in SAP Security Advisory:
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2026.html
Vendor Information
SAP
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2026.html
References
SAP
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2026.html
CVE Name
CVE-2026-44747
CVE-2026-27690
CVE-2026-44761
CVE-2026-40128
CVE-2026-40860
CVE-2026-40453
CVE-2026-33454
CVE-2026-0487
CVE-2026-44752
CVE-2026-44745
CVE-2026-43512
CVE-2026-41293
CVE-2026-43515
CVE-2026-58233
CVE-2026-44759
CVE-2026-44767
CVE-2026-44769
CVE-2026-44760
CVE-2026-44771
CVE-2026-44770
CVE-2026-24315
CVE-2026-44768
CVE-2026-44753
CVE-2025-68161
– —
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmpY77sACgkQ3jCgcSdc
ys88LQ/9EaCE9skZoW+lLpkhRsHAKZS3BUGMazzbHVXh/8DU8szbqVb086eZst6O
/yZor9YhRiTkYA0QXaC1qrzFLm6o/x/N/uodB2QCvaZoTTpqR+JT4Tot7GEezguL
fl11c0t6pKMbeM+47rXcUyxLb0TuzWEYVOsEWhOErBM96HjgqxV9YbHiPVhcNvKk
C0R4iBGWInHnka6TIjHyQ+d1N0oKnT/UnFBaFvKVS+iM1a7TaRqVel6TKAh/lmVb
qjNFiM+VNGLYkqrfTVZFwqJ09m96lBok5hwsXkL9Bm2AD/aZQUxyL/RVnGapYEGy
hnlS40O+RFzuIvixUkDjYo/kG31iZJcyhe+qPKxv8kr7hiAcsMHXilFyzyVq5lc0
oiYta0IBssVg5JPy1AkbrhOpkXTBJgDcCaX+5XMlE2b/+ynXgMsfyLryVWUgoxmN
eHe6iw2FMiQ+vyZ2PNTKCrucz4C3yGfPdDP7BKYoddBFIIVQkgm+Va/00L/MYarp
LS3o4eZhl3RV7QwxsAj2hXMDCi6D1NeJzKtdASHH6OeqxzFT05zpIkxz/ydsWW0Y
F6eGkplzAkGSdf2T3v4DwLx7e2RXJ20Z7GI9aP4MUaqCW/OtSDoMlVadeva9BIFY
GYh57X5aQs9BEPqmUc7UPdbcnqDVR1tZ4MNCq+SOxZPQkZqyOkE=
=LumA
—–END PGP SIGNATURE—–


