Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
July 2026 SAP Security Updates Address Critical Flaws

July 2026 SAP Security Updates Address Critical Flaws

Posted on July 14, 2026 By CWS

SAP has issued its July 2026 Security Patch Day updates, aiming to resolve a critical memory corruption vulnerability identified in the SAP NetWeaver Application Server ABAP. This significant flaw, cataloged as CVE-2026-44747, holds a CVSS score of 9.9 and impacts several SAP kernel versions utilized in enterprise settings.

Details of the Critical Vulnerability

On July 14, SAP unveiled 16 new security notes and a GitHub security advisory, also updating three previously released notes. It is crucial for administrators to examine affected systems and prioritize the application of these fixes through the SAP Support Portal. The critical NetWeaver ABAP vulnerability is detailed in SAP Security Note 3747367. CVE-2026-44747 involves memory corruption due to improper handling of memory operations, potentially allowing an attacker to alter program execution, access sensitive data, disrupt services, or execute malicious code under specific circumstances.

This vulnerability affects various SAP kernel and NetWeaver versions, such as KRNL64NUC and KRNL64UC 7.22 and 7.22EXT, alongside versions 7.53, 7.54, 7.77, 7.89, 7.93, 9.16, 9.18, 9.19, and 9.20. Organizations are advised to confirm their software components and patch levels in their SAP environment before deploying the patch.

Additional Critical Vulnerabilities

The CVSS vector associated with this vulnerability indicates that exploitation is network-based, requiring low attack complexity and privileges, with no need for user interaction. Successful exploitation could detrimentally affect confidentiality, integrity, and availability. Furthermore, changes in the attack scope imply that a compromised component may influence resources beyond its initial security perimeter.

SAP’s July Patch Day also addresses two other critical vulnerabilities: CVE-2026-27690, an HTTP request smuggling issue in SAP Approuter versions prior to 20.10.0, rated 9.1, and CVE-2026-44761, which affects SAP Commerce Cloud releases HY_COM 2205, COM_CLOUD 2211, and 2211-JDK21 due to insecure sample credentials, also rated 9.1. These vulnerabilities could enable unauthorized access and manipulation of HTTP requests.

Recommendations for Administrators

SAP has updated its June security note for CVE-2026-40128, a directory traversal vulnerability in the SAP NetWeaver Application Server Java Web Container, with a CVSS score of 9.0. This flaw may allow attackers to access or modify files outside of the intended directory path. Security teams should prioritize SAP Note 3747367, verify kernel compatibility, test patches in non-production environments, and expedite deployment for internet-facing or business-critical NetWeaver instances.

Administrators should also limit unnecessary network access to SAP application servers, review privileged accounts, monitor system logs for unusual activity, and ensure backups are available before maintenance. SAP Security Patch Days are a regular avenue for releasing corrective Security Notes, and SAP advises customers to review and implement relevant notes to safeguard their SAP landscapes.

Strengthen your Security Operations Center (SOC) by integrating ANY.RUN for enhanced threat detection and rapid incident responses.

Cyber Security News Tags:CVE-2026-44747, Cybersecurity, enterprise security, NetWeaver, SAP, SAP Approuter, SAP NetWeaver, security patch, tech news, Vulnerability

Post navigation

Previous Post: US, Allies Alert on Russian Cyber Threats to Key Infrastructure
Next Post: Old Microsoft UEFI Shims Pose Secure Boot Risk

Related Posts

Kenyan Filmmakers Installed With FlexiSPY Spyware That Monitors Messages and Social Media Kenyan Filmmakers Installed With FlexiSPY Spyware That Monitors Messages and Social Media Cyber Security News
Open-Source Tool for Salesforce Aura Framework Misconfiguration Analysis Open-Source Tool for Salesforce Aura Framework Misconfiguration Analysis Cyber Security News
Microsoft Teams Issue Blocks Users From Opening Embedded Office Documents Microsoft Teams Issue Blocks Users From Opening Embedded Office Documents Cyber Security News
Cybercriminals Exploit Legitimate Platforms for Ransomware Cybercriminals Exploit Legitimate Platforms for Ransomware Cyber Security News
Cisco Secure Firewall Vulnerability Allows Hackers to Inject Remote Shell Command Injection Cisco Secure Firewall Vulnerability Allows Hackers to Inject Remote Shell Command Injection Cyber Security News
GlassWorm Malware Expands Through 73 New Sleeper Extensions GlassWorm Malware Expands Through 73 New Sleeper Extensions Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • CISA Alerts on Cisco IOS Vulnerability Exploitation
  • Critical Fixes for VMware Avi Load Balancer Vulnerabilities
  • RabbitMQ Vulnerabilities Expose OAuth Secrets, Threaten Security
  • Qilin Ransomware Exploits Active Directory with DCSync
  • Critical Flaws in Claude for Chrome Allow Unauthorized Access

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • CISA Alerts on Cisco IOS Vulnerability Exploitation
  • Critical Fixes for VMware Avi Load Balancer Vulnerabilities
  • RabbitMQ Vulnerabilities Expose OAuth Secrets, Threaten Security
  • Qilin Ransomware Exploits Active Directory with DCSync
  • Critical Flaws in Claude for Chrome Allow Unauthorized Access

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark