SAP has released crucial updates as part of its July 2026 security bulletin, targeting several vulnerabilities, notably a severe flaw in the SAP NetWeaver Application Server ABAP. This action is in response to the critical CVE-2026-44747 vulnerability, rated 9.9 on the CVSS scale, which poses significant risks of unauthorized data access and system disruption.
Understanding the SAP NetWeaver Vulnerability
The identified flaw, CVE-2026-44747, is an out-of-bounds write issue. It allows authenticated attackers to exploit memory management errors, potentially leading to memory corruption. This corruption can result in unauthorized access, data modification, or even system downtime, making it imperative for organizations to address the vulnerability promptly.
SAP’s security partner, Onapsis, advises disabling all ICF nodes with a particular property through the transaction SICF as a temporary measure. However, this workaround may interrupt certain SAP GUI for HTML functions, suggesting that installing the updated ABAP Kernel version is the most effective solution.
Additional Critical Vulnerabilities
In addition to the NetWeaver issue, SAP has also patched other critical vulnerabilities. CVE-2026-27690, with a CVSS score of 9.1, affects SAP Approuter deployments outside Cloud Foundry environments. It involves an HTTP request/response smuggling flaw, enabling attackers to create request-response desynchronization, potentially exposing user data and causing denial-of-service attacks.
Another addressed vulnerability, CVE-2026-44761, also scores 9.1 and involves the use of default credentials in SAP Commerce Cloud. This flaw could allow attackers to utilize sample OAuth 2.0 client credentials to gain unauthorized access and modify data, significantly impacting confidentiality and integrity.
Recommendations and Future Outlook
The vulnerabilities highlighted by Onapsis, particularly the default credentials issue, arise from sample configuration scripts found in the SAP Help Portal. These scripts were initially intended for testing and development purposes but could be exploited if deployed in production environments without modifications.
To mitigate these risks, SAP customers are encouraged to conduct thorough audits of their production systems to identify and remove any residual sample OAuth 2.0 clients. For those who have already replaced default settings with secure, unique credentials, the threat is considerably reduced.
Although there are no current reports of these vulnerabilities being exploited in real-world scenarios, applying the suggested updates is crucial for maintaining robust security. As cybersecurity threats evolve, staying proactive with system updates remains a key strategy for protecting sensitive data and ensuring operational integrity.
