SAP May 2026 security updates for Commerce Cloud and S/4HANA (15 vulnerabilities)
Security Patch Release
Summary
Hide ▲
Show ▼
SAP released its May 2026 security updates for 15 vulnerabilities across Commerce Cloud, S/4HANA, and other products, including two critical flaws that can enable code execution and SQL injection. The bulletin matters because the flaws affect widely used enterprise software that could expose sensitive data or servers if exploited. SAP said it has no evidence of exploitation in the wild.
Related Happenings
Splunk Enterprise security update for CVE-2026-20253
Security Patch Release
H score52
First: 13.06.2026 16:23
Last: 13.06.2026 16:23
Sources 1
About this happening:
**Splunk** released **security updates** for **CVE-2026-20253**, fixing a critical **Splunk Enterprise** flaw that could enable unauthenticated file operations and **remote code e...
Splunk Enterprise security update for CVE-2026-20253
Security Patch ReleaseAbout this happening: **Splunk** released **security updates** for **CVE-2026-20253**, fixing a critical **Splunk Enterprise** flaw that could enable unauthenticated file operations and **remote code e...
Fortinet security patch release for CVE-2026-25089
Security Patch Release
H score44
First: 10.06.2026 18:10
Last: 10.06.2026 18:10
Sources 1
About this happening:
**Fortinet**, **Ivanti**, and **SAP** released **security updates** that address multiple **critical vulnerabilities** across **FortiSandbox**, **Ivanti Sentry**, and **SAP** prod...
Fortinet security patch release for CVE-2026-25089
Security Patch ReleaseAbout this happening: **Fortinet**, **Ivanti**, and **SAP** released **security updates** that address multiple **critical vulnerabilities** across **FortiSandbox**, **Ivanti Sentry**, and **SAP** prod...
Latest development: 11.06.2026 09:20
Shadowserver reported large-scale exploitation attempts against Internet-exposed Ivanti Sentry gateways after CVE-2026-10520 was patched in R10.5.2, R10.6.2, and R10.7.1, saying it saw 19 vulnerable instances and at least 2 backdoored systems and warning that unpatched devices were most likely compromised.
SAP June 2026 Security Patch package for NetWeaver and Commerce Cloud
Security Patch Release
H score24
First: 09.06.2026 22:36
Last: 09.06.2026 22:36
Sources 1
About this happening:
**SAP** released fixes for **15 vulnerabilities** in its **June 2026 Security Patch** package, including four **critical** flaws in **SAP NetWeaver** and **SAP Commerce Cloud** th...
SAP June 2026 Security Patch package for NetWeaver and Commerce Cloud
Security Patch ReleaseAbout this happening: **SAP** released fixes for **15 vulnerabilities** in its **June 2026 Security Patch** package, including four **critical** flaws in **SAP NetWeaver** and **SAP Commerce Cloud** th...
Ivanti security patch release for CVE-2026-8043
Security Patch Release
H score25
First: 18.05.2026 13:54
Last: 18.05.2026 13:54
Sources 1
About this happening:
**Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Ivanti security patch release for CVE-2026-8043
Security Patch ReleaseAbout this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Microsoft April 2026 Patch Tuesday security updates (167 flaws)
Security Patch Release
H score55
First: 14.04.2026 20:41
Last: 14.04.2026 20:41
Sources 1
About this happening:
Microsoft's **April 2026 Patch Tuesday** ships **security updates** for **167 flaws**, including **2 zero-days**, reducing exposure across widely used Microsoft software. The rele...
Microsoft April 2026 Patch Tuesday security updates (167 flaws)
Security Patch ReleaseAbout this happening: Microsoft's **April 2026 Patch Tuesday** ships **security updates** for **167 flaws**, including **2 zero-days**, reducing exposure across widely used Microsoft software. The rele...
Timeline
-
12.05.2026 14:04 2 articles · 1mo ago
SAP releases May 2026 security updates
Initial DisclosureSAP released May 2026 security updates for Commerce Cloud, S/4HANA, and other products, addressing 15 vulnerabilities and shipping fixes for two critical flaws, CVE-2026-34263 and CVE-2026-34260.
Show sources
- SAP fixes critical vulnerabilities in Commerce Cloud and S/4HANA — www.bleepingcomputer.com — 12.05.2026 14:04
- SAP fixes critical vulnerabilities in Commerce Cloud and S/4HANA — www.bleepingcomputer.com — 12.05.2026 14:04
-
12.05.2026 14:04 1 articles · 1mo ago
SAP details critical Commerce Cloud and S/4HANA flaws
Technical Analysis UpdateSAP described CVE-2026-34263 as a missing authentication check in SAP Commerce Cloud that can enable unauthenticated code execution through malicious configuration upload and code injection, and CVE-2026-34260 as a low-complexity SQL injection that can expose sensitive database information and potentially crash the application.
Show sources
- SAP fixes critical vulnerabilities in Commerce Cloud and S/4HANA — www.bleepingcomputer.com — 12.05.2026 14:04