
SAP Issues Critical Security Patches for NetWeaver, Commerce, and Data Hub Vulnerabilities

11h ago · 2 min read · en · News

Summary

SAP released 15 security patches on Tuesday, including four critical-severity fixes. The most severe is CVE-2026-44748 (CVSS 9.9), an XML Signature Wrapping flaw in NetWeaver's SAML authentication that allows authenticated attackers to access sensitive data. CVE-2026-27671 (CVSS 9.8) is a memory corruption bug in NetWeaver and ABAP Platform caused by improper RFC validation. CVE-2026-22732 (CVSS 9.1) affects Spring Security applications where HTTP response headers may not be written. CVE-2026-40128 (CVSS 9.0) is a directory traversal vulnerability in the NetWeaver Application Server Java Web Container that lets unauthenticated requests manipulate file inclusion parameters.

Key quotes

SAP released 15 new security notes on Tuesday, including four critical-severity fixes affecting NetWeaver, Commerce, and Data Hub.
CVE-2026-44748 (CVSS 9.9) is an XML Signature Wrapping flaw in SAML Authentication of NetWeaver AS ABAP and ABAP Platform, where authenticated attackers can modify signed XML identity data to gain access to sensitive user information and disrupt usage.
CVE-2026-27671 (CVSS 9.8) is a memory corruption issue in NetWeaver and ABAP Platform caused by improper RFC protocol validation, enabling unauthenticated crafted requests to trigger memory management logic errors.
CVE-2026-40128 (CVSS 9.0), a directory traversal vulnerability in NetWeaver Application Server Java (Web Container) that allows unauthenticated malicious HTTP logon requests to manipulate file inclusion parameters.
