SAP Patches Critical NetWeaver, Commerce Vulnerabilities
SAP released security patches addressing multiple critical vulnerabilities in NetWeaver, Commerce, and Data Hub components. These flaws include an XML Signature Wrapping issue in SAML authentication, a memory corruption bug in the SAP kernel, a Spring Security HTTP header issue, and a directory traversal vulnerability in NetWeaver Application Server Java. The vulnerabilities could lead to sensitive information disclosure, memory corruption, denial-of-service, and disruption of normal system usage. Temporary mitigation for the XML Signature Wrapping flaw includes disabling SAML authentication. SAP has issued official patches for these critical issues.
AI Analysis
Technical Summary
SAP's June 2026 security update addresses 15 security notes, including four critical vulnerabilities affecting NetWeaver, Commerce, and Data Hub. The most severe is CVE-2026-44748, an XML Signature Wrapping vulnerability in the SAML authentication of NetWeaver AS ABAP and ABAP Platform. In this class of flaw the service provider verifies the XML signature over one element of the SAML response but consumes identity data from another, so an authenticated attacker who already holds a validly signed assertion can add unsigned identity information to the response and have it accepted as if it were signed, gaining unauthorized access. CVE-2026-27671 is a memory corruption vulnerability in the SAP kernel caused by improper validation of RFC protocol input; an unauthenticated attacker can trigger logic errors in memory management. CVE-2026-22732 affects applications built on the Spring Security framework and can cause HTTP headers not to be written as expected. CVE-2026-40128 is a directory traversal vulnerability in the NetWeaver Application Server Java Web Container: an unauthenticated attacker can manipulate a file-inclusion parameter to read sensitive files or cause a denial of service. SAP also patched multiple Apache Tomcat flaws and a missing authorization check in NetWeaver and ABAP Platform. Disabling SAML authentication is a temporary mitigation for CVE-2026-44748 until the patch is applied; official patches have been released by SAP.
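The XML Signature Wrapping class behind CVE-2026-44748 comes down to one invariant that the consuming side must enforce: the element it extracts identity data from must be exactly, and uniquely, the element the signature covers. The block below is an added Python illustration, not SAP or NetWeaver code. It constructs a minimal SAML 2.0 Response (the messages, IDs and NameIDs are made up for the example), shows what a naive consumer does, and then the structural checks that reject a wrapped document. Cryptographic verification of the SignatureValue is assumed to be done by an XML-DSig library and is deliberately not repeated here; the signature values in the samples are placeholders.

```python
"""Structural defences against XML Signature Wrapping in a SAML Response.

Added illustration, not SAP or NetWeaver code. It assumes a SAML 2.0 Response
carrying one Assertion with an enveloped XML signature whose Reference URI
names the assertion's ID. Cryptographic verification of SignatureValue is
assumed to be done by an XML-DSig library and is not repeated here; what this
shows is the check that must be made in addition: the element the application
consumes is exactly, and uniquely, the element the signature covers.
"""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def _response(body):
    # Constructed sample wrapper; not a real message.
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1" Version="2.0">'
        f"{body}</samlp:Response>"
    )


def _assertion(aid, name_id, signed):
    # SignatureValue is a placeholder (see module docstring).
    sig = (
        f'<ds:Signature><ds:SignedInfo><ds:Reference URI="#{aid}"/></ds:SignedInfo>'
        "<ds:SignatureValue>c2lnbmVk</ds:SignatureValue></ds:Signature>"
    ) if signed else ""
    return (
        f'<saml:Assertion ID="{aid}" Version="2.0">{sig}'
        f"<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>"
        "</saml:Assertion>"
    )


# Legitimate response: one signed assertion for alice.
GOOD = _response(_assertion("_a1", "alice@example.com", signed=True))
# Wrapped response: an unsigned attacker assertion reusing the same ID is placed
# first; the genuine signed assertion is left intact, so a signature check that
# resolves "#_a1" to the first match, or a consumer that reads the first
# Assertion, still succeeds.
WRAPPED = _response(
    _assertion("_a1", "admin@example.com", signed=False)
    + _assertion("_a1", "alice@example.com", signed=True)
)
# Signature references the Response ID rather than the assertion being consumed.
BAD_REF = GOOD.replace('URI="#_a1"', 'URI="#_r1"')


def naive_subject(response_xml):
    """What a naive consumer does: trust the first Assertion in document order."""
    root = ET.fromstring(response_xml)
    return root.find(".//saml:Assertion/saml:Subject/saml:NameID", NS).text


def validate_response(response_xml):
    """Return (NameID, "ok") or (None, reason) after the structural checks."""
    root = ET.fromstring(response_xml)
    parents = {child: parent for parent in root.iter() for child in parent}

    assertions = root.findall(".//saml:Assertion", NS)
    if len(assertions) != 1 or parents[assertions[0]] is not root:
        return None, f"expected one Assertion directly under Response, found {len(assertions)}"
    assertion = assertions[0]

    signatures = root.findall(".//ds:Signature", NS)
    if len(signatures) != 1 or parents[signatures[0]] is not assertion:
        return None, "expected exactly one enveloped Signature inside the Assertion"
    refs = signatures[0].findall("ds:SignedInfo/ds:Reference", NS)
    if len(refs) != 1 or not refs[0].get("URI", "").startswith("#"):
        return None, "expected exactly one same-document Reference"
    ref_id = refs[0].get("URI")[1:]

    # The ID must resolve to exactly one element in the whole document, and that
    # element must be the assertion we are about to trust.
    matches = [e for e in root.iter() if e.get("ID") == ref_id]
    if len(matches) != 1 or matches[0] is not assertion:
        return None, f"Reference #{ref_id} does not uniquely identify the consumed Assertion"

    # Only here would the XML-DSig library verify SignatureValue over `assertion`.
    return assertion.find("saml:Subject/saml:NameID", NS).text, "ok"
```

Two points are worth carrying over to a real implementation. The checks must run on the same parsed tree that the signature library validated, not on a re-parse of the raw bytes, otherwise the two can disagree about which element "#_a1" means. And getElementById-style lookups that return the first element with a matching ID are exactly what wrapping exploits; counting matches across the whole document, as above, is what closes that gap.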
Potential Impact
Exploitation of these vulnerabilities can lead to unauthorized disclosure of sensitive information, memory corruption, denial-of-service conditions, and disruption of normal system operations. The XML Signature Wrapping flaw lets an attacker substitute identity information while the original signature still verifies, potentially gaining access to another user's data and privileges. The kernel memory corruption may let an attacker crash the service or, depending on how exploitable the memory-management logic error is, execute arbitrary code. Directory traversal can expose files outside the intended web content directory or be used to disrupt the service. The Spring Security flaw can cause expected HTTP response headers to be omitted, weakening protections that depend on them.
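The directory traversal in the Web Container is the classic failure of trusting a client-supplied path in a file-inclusion parameter. The following is an added Python example, not SAP or NetWeaver code; the web root and the parameter values are assumptions made for the illustration. It shows a resolver that canonicalizes the parameter first (repeated URL-decoding, rejection of NUL and backslash, lexical normalisation) and only then checks containment, which is the ordering that traversal bugs usually get wrong.

```python
"""Hardened resolution of a file-inclusion parameter against directory traversal.

Added example, not SAP code. WEB_ROOT is an assumed deployment path.
"""
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/srv/app/webroot"  # assumed for the illustration


def canonical_decode(value, max_rounds=3):
    """URL-decode until stable so %252e%252e (double-encoded '..') is seen for what it is.

    Returns None if the value is still changing after max_rounds: nested
    encodings that deep are treated as hostile rather than guessed at.
    """
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return decoded
        value = decoded
    return None


def resolve_include(param, root=WEB_ROOT):
    """Map a user-supplied include parameter to a path under root, or None if rejected."""
    decoded = canonical_decode(param)
    if not decoded:
        return None
    # NUL truncates paths in native layers; backslashes are separators on some
    # platforms and would survive POSIX normalisation untouched.
    if "\x00" in decoded or "\\" in decoded:
        return None
    # An include name is always relative; absolute paths are never legitimate.
    if decoded.startswith("/"):
        return None
    candidate = posixpath.normpath(posixpath.join(root, decoded))
    # Containment check after normalisation. The trailing separator prevents
    # "/srv/app/webroot2/x" from passing as a child of "/srv/app/webroot".
    if not candidate.startswith(root.rstrip("/") + "/"):
        return None
    return candidate


# Constructed sample inputs: a legitimate include and several traversal attempts.
SAMPLES = [
    "footer.html",
    "sub/../footer.html",
    "../../../../etc/passwd",
    "..%2f..%2f..%2f..%2fetc%2fpasswd",
    "%252e%252e%252f%252e%252e%252fetc%252fpasswd",
    "..\\..\\win.ini",
    "a%00.html",
    "/etc/passwd",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:50} -> {resolve_include(sample)}")
```

normpath is purely lexical, so this guards the request path but not the filesystem: if anything under the web root can be a symlink, resolve the candidate with os.path.realpath at serve time and repeat the containment check on the result.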
Mitigation Recommendations
SAP has released official patches for these vulnerabilities; organizations should apply the June 2026 SAP security notes promptly. For CVE-2026-44748, temporarily disabling SAML authentication removes the exposure until the patch is applied, but it is disruptive: confirm that an alternative sign-in method is available for the affected users and treat it as a short-term measure only. SAP did not indicate that any of these issues is already mitigated by default or requires no action, so applying the fixes is required. Monitor SAP advisories for updates and follow vendor guidance.
Technical Details
- Article Source: https://www.securityweek.com/sap-patches-critical-netweaver-commerce-vulnerabilities/ (fetched 2026-06-09T12:25:44Z, 1031 words)
Threat ID: 6a2806488dd33fbd852f62fa
Added to database: 6/9/2026, 12:25:44 PM
Last enriched: 6/9/2026, 12:25:59 PM
Last updated: 6/9/2026, 8:00:37 PM