Find notable cyber news and cases, enriched with sources, timelines, and signals.

SAP May 2026 security updates for Commerce Cloud and S/4HANA (15 vulnerabilities)

Security Patch Release
First reported
Last updated
Happening score
H score 38
1 unique sources, 1 articles

Summary

Hide ▲

SAP released its May 2026 security updates for 15 vulnerabilities across Commerce Cloud, S/4HANA, and other products, including two critical flaws that can enable code execution and SQL injection. The bulletin matters because the flaws affect widely used enterprise software that could expose sensitive data or servers if exploited. SAP said it has no evidence of exploitation in the wild.

Related Happenings

Splunk Enterprise security update for CVE-2026-20253

Security Patch Release
H score52 First: 13.06.2026 16:23 Last: 13.06.2026 16:23 Sources 1

About this happening: **Splunk** released **security updates** for **CVE-2026-20253**, fixing a critical **Splunk Enterprise** flaw that could enable unauthenticated file operations and **remote code e...

Fortinet security patch release for CVE-2026-25089

Security Patch Release
H score44 First: 10.06.2026 18:10 Last: 10.06.2026 18:10 Sources 1

About this happening: **Fortinet**, **Ivanti**, and **SAP** released **security updates** that address multiple **critical vulnerabilities** across **FortiSandbox**, **Ivanti Sentry**, and **SAP** prod...

Latest development: 11.06.2026 09:20

Shadowserver reported large-scale exploitation attempts against Internet-exposed Ivanti Sentry gateways after CVE-2026-10520 was patched in R10.5.2, R10.6.2, and R10.7.1, saying it saw 19 vulnerable instances and at least 2 backdoored systems and warning that unpatched devices were most likely compromised.

SAP June 2026 Security Patch package for NetWeaver and Commerce Cloud

Security Patch Release
H score24 First: 09.06.2026 22:36 Last: 09.06.2026 22:36 Sources 1

About this happening: **SAP** released fixes for **15 vulnerabilities** in its **June 2026 Security Patch** package, including four **critical** flaws in **SAP NetWeaver** and **SAP Commerce Cloud** th...

Ivanti security patch release for CVE-2026-8043

Security Patch Release
H score25 First: 18.05.2026 13:54 Last: 18.05.2026 13:54 Sources 1

About this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...

Microsoft April 2026 Patch Tuesday security updates (167 flaws)

Security Patch Release
H score55 First: 14.04.2026 20:41 Last: 14.04.2026 20:41 Sources 1

About this happening: Microsoft's **April 2026 Patch Tuesday** ships **security updates** for **167 flaws**, including **2 zero-days**, reducing exposure across widely used Microsoft software. The rele...

Timeline

  1. 12.05.2026 14:04 2 articles · 1mo ago

    SAP releases May 2026 security updates

    Initial Disclosure

    SAP released May 2026 security updates for Commerce Cloud, S/4HANA, and other products, addressing 15 vulnerabilities and shipping fixes for two critical flaws, CVE-2026-34263 and CVE-2026-34260.

    Show sources
  2. 12.05.2026 14:04 1 articles · 1mo ago

    SAP details critical Commerce Cloud and S/4HANA flaws

    Technical Analysis Update

    SAP described CVE-2026-34263 as a missing authentication check in SAP Commerce Cloud that can enable unauthenticated code execution through malicious configuration upload and code injection, and CVE-2026-34260 as a low-complexity SQL injection that can expose sensitive database information and potentially crash the application.

    Show sources