Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

SAP May 2026 security updates for Commerce Cloud and S/4HANA (15 vulnerabilities)

Security Patch Release
First reported
Last updated
Happening score
H score 42
1 unique sources, 1 articles

Summary

Hide ▲

SAP released its May 2026 security updates for 15 vulnerabilities across Commerce Cloud, S/4HANA, and other products, including two critical flaws that can enable code execution and SQL injection. The bulletin matters because the flaws affect widely used enterprise software that could expose sensitive data or servers if exploited. SAP said it has no evidence of exploitation in the wild.

Related Happenings

Ivanti security patch release for CVE-2026-8043

Security Patch Release
First: 18.05.2026 13:54 Last: 18.05.2026 13:54 Sources 1

About this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...

Open Happening

Microsoft April 2026 Patch Tuesday security updates (167 flaws)

Security Patch Release
First: 14.04.2026 20:41 Last: 14.04.2026 20:41 Sources 1

About this happening: Microsoft's **April 2026 Patch Tuesday** ships **security updates** for **167 flaws**, including **2 zero-days**, reducing exposure across widely used Microsoft software. The rele...

Open Happening

CISA patch guidance for Zimbra and SharePoint flaws

Advisory/Mitigation
First: 19.03.2026 08:05 Last: 19.03.2026 08:05 Sources 1

About this happening: **CISA** told **FCEB agencies** to patch **two actively exploited vulnerabilities** in **Synacor Zimbra Collaboration Suite (ZCS)** and **Microsoft Office SharePoint**, creating i...

Open Happening

CISA KEV listing for Wing FTP CVE-2025-47813

Public Sector Action
First: 17.03.2026 07:23 Last: 17.03.2026 07:23 Sources 1

About this happening: CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...

Open Happening

SAP security patch release for CVE-2019-17571

Security Patch Release
First: 11.03.2026 14:26 Last: 11.03.2026 14:26 Sources 1

About this happening: **SAP** released security updates for **two critical flaws** in **FS-QUO** and **NetWeaver Enterprise Portal Administration**, reducing the risk of **arbitrary code execution** on...

Open Happening

Timeline

  1. 12.05.2026 14:04 2 articles · 15d ago

    SAP releases May 2026 security updates

    Initial Disclosure

    SAP released May 2026 security updates for Commerce Cloud, S/4HANA, and other products, addressing 15 vulnerabilities and shipping fixes for two critical flaws, CVE-2026-34263 and CVE-2026-34260.

    Show sources
    Open in new tab
  2. 12.05.2026 14:04 1 articles · 15d ago

    SAP details critical Commerce Cloud and S/4HANA flaws

    Technical Analysis Update

    SAP described CVE-2026-34263 as a missing authentication check in SAP Commerce Cloud that can enable unauthenticated code execution through malicious configuration upload and code injection, and CVE-2026-34260 as a low-complexity SQL injection that can expose sensitive database information and potentially crash the application.

    Show sources
    Open in new tab