SAP Security Update July 2026 – Patch for Critical SAP NetWeaver Flaw that Enables Memory Corruption

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer

Spread the love

SAP has released its July 2026 Security Patch Day updates, addressing a critical memory corruption vulnerability in the SAP NetWeaver Application Server ABAP.

The most severe issue, tracked as CVE-2026-44747, has a CVSS score of 9.9 and affects multiple SAP kernel versions used in enterprise environments.

On July 14, SAP published 16 new security notes and one GitHub security advisory, along with three updates to previously released notes. Administrators are urged to review the affected systems and apply the fixes as a priority through the SAP Support Portal.

The critical NetWeaver ABAP flaw is outlined in SAP Security Note 3747367. CVE-2026-44747 is described as a memory corruption vulnerability that can occur when an application improperly handles memory operations.

This could potentially allow an attacker to change program execution, access sensitive information, crash services, or execute malicious code under certain conditions.

The vulnerability impacts several SAP kernel and NetWeaver versions, including KRNL64NUC and KRNL64UC 7.22 and 7.22EXT, as well as kernel versions 7.53, 7.54, 7.77, 7.89, 7.93, 9.16, 9.18, 9.19, and 9.20.

Organizations should verify the specific software components and patch levels in their SAP landscape before applying the correction.

The assigned CVSS vector indicates that exploitation is network-based, requires low attack complexity, and demands low privileges, with no user interaction needed.

SAP Security Update July 2026

Successful exploitation could significantly impact confidentiality, integrity, and availability. Additionally, the attack scope has changed, meaning a compromised component may affect resources beyond its original security boundary.

SAP’s July Patch Day also addresses two other critical vulnerabilities. CVE-2026-27690 is an HTTP request smuggling flaw in SAP Approuter versions earlier than 20.10.0, rated 9.1.

Attackers may exploit request smuggling to bypass front-end security controls or interfere with how back-end systems process HTTP requests.

Another critical issue, CVE-2026-44761, affects SAP Commerce Cloud releases HY_COM 2205, COM_CLOUD 2211, and 2211-JDK21.

This flaw stems from insecure sample credentials and has a CVSS score of 9.1. Default, exposed, or inadequately protected credentials can enable unauthorized access to affected environments.

SAP also updated its June security note for CVE-2026-40128, a directory traversal vulnerability in the SAP NetWeaver Application Server Java Web Container.

This vulnerability carries a CVSS score of 9.0. It may allow attackers to access or modify files outside of an intended directory path.

Security teams should prioritize SAP Note 3747367, validate kernel compatibility, test patches in non-production environments, and schedule accelerated deployment for internet-facing or business-critical NetWeaver instances.

SAP Note CVE Vulnerability Affected Product Priority CVSS
3747367 CVE-2026-44747 Memory Corruption SAP NetWeaver Application Server ABAP Critical 9.9
3720138 CVE-2026-27690 HTTP Request Smuggling SAP Approuter Critical 9.1
3753495 CVE-2026-44761 Insecure Sample Credentials SAP Commerce Cloud Critical 9.1
3727078 CVE-2026-40128 Directory Traversal SAP NetWeaver AS Java Web Container Critical 9.0
3758101 CVE-2026-40860, CVE-2026-40453, CVE-2026-33454 Multiple Apache Camel vulnerabilities SAP Integration Suite Edge Integration Cell High 8.8
3692165 CVE-2026-0487 DLL Hijacking SAProuter for Microsoft Windows High 8.4
3748227 CVE-2026-44752 Cross-Site Scripting SAP NetWeaver AS Java Configuration Wizard High 8.2
3741519 CVE-2026-44745 Open Redirect SAP Approuter High 8.1
3763800 CVE-2026-43512, CVE-2026-41293, CVE-2026-43515 Multiple Apache Tomcat vulnerabilities SAP Commerce Cloud High 8.1
3773304 CVE-2026-58233 Remote Code Execution SAP Change and Transport System Attach Tool (ctsattach) High 7.6
3746678 CVE-2026-44759 Cross-Site Scripting SAP NetWeaver Enterprise Portal Medium 6.1
GHSA-p8gx-753q-v89p CVE-2026-44767 Allowlist Bypass / Cross-Origin CSS Injection UI5 Web Components Base Medium 6.1
3537373 CVE-2026-44769 SQL Injection SAP S/4HANA Project Management (PPM-PRO) Medium 5.5
3754659 CVE-2026-44760 Cross-Site Scripting SAP NetWeaver AS ABAP Business Server Pages Medium 4.7
3515598 CVE-2026-44771 Missing Authorization Check SAP S/4HANA Draft Operation Medium 4.3
3713902 CVE-2026-44770 Missing Authorization Check SAP S/4HANA Create Single Payment Medium 4.3
3682699 CVE-2026-24315 Path Traversal SAP Fiori Launchpad Medium 4.2
3155685 CVE-2026-44768 Security Misconfiguration SAP CRM WebClient UI Medium 4.1
3732522 CVE-2026-44753 Information Disclosure SAP HANA Extended Application Services, classic model Low 3.7
3726899 CVE-2025-68161 Potential Apache Log4j library vulnerability SAP NetWeaver AS Java Low 3.3

They should also restrict unnecessary network access to SAP application servers, review privileged accounts, monitor system logs for abnormal activity, and ensure backups are available before maintenance.

SAP Security Patch Days provide the vendor’s regular channel for publishing corrective Security Notes, and SAP recommends that customers review and implement relevant notes to protect their SAP landscapes.

 Strengthen Your SOC by Accelerating Threat Detection & Rapid Investigations. -> Integrate ANY.RUN With Your SOC Now.