SAP NetWeaver Application Server ABAP SICF workaround for CVE-2026-44747
Advisory/Mitigation
Summary
Hide ▲
Show ▼
SAP NetWeaver Application Server ABAP customers now have a temporary workaround for CVE-2026-44747 that can reduce exposure to memory corruption. The mitigation disables specific ICF nodes in transaction SICF, which may break SAP GUI for HTML opening transactions. Because the workaround is disruptive, the guidance strongly recommends installing the ABAP Kernel patch.
Related Happenings
SAP security patch release for CVE-2026-44747
Security Patch Release
H score40
First: 14.07.2026 21:17
Last: 14.07.2026 21:17
Sources 1
How related:
SAP has rolled out updates to address multiple vulnerabilities as part of its July 2026 security updates, including a critical flaw in SAP NetWeaver Application Server ABAP.
About this happening:
SAP's **July 2026 security updates** now cover **multiple vulnerabilities**, including a critical **SAP NetWeaver Application Server ABAP** flaw. The bundle includes **CVE-2026-44...
SAP security patch release for CVE-2026-44747
Security Patch ReleaseHow related: SAP has rolled out updates to address multiple vulnerabilities as part of its July 2026 security updates, including a critical flaw in SAP NetWeaver Application Server ABAP.
About this happening: SAP's **July 2026 security updates** now cover **multiple vulnerabilities**, including a critical **SAP NetWeaver Application Server ABAP** flaw. The bundle includes **CVE-2026-44...
SAP July 2026 security updates
Security Patch Release
H score31
First: 14.07.2026 14:42
Last: 14.07.2026 14:42
Sources 1
About this happening:
SAP's **July 2026 security updates** address **16 vulnerabilities** across **NetWeaver, Commerce Cloud, and AppRouter**, including **three critical flaws**. The release closes a *...
SAP July 2026 security updates
Security Patch ReleaseAbout this happening: SAP's **July 2026 security updates** address **16 vulnerabilities** across **NetWeaver, Commerce Cloud, and AppRouter**, including **three critical flaws**. The release closes a *...
SAP NetWeaver Application Server ABAP memory corruption memory corruption flaw (CVE-2026-44747)
Vulnerability
H score35
First: 14.07.2026 14:17
Last: 14.07.2026 14:17
Sources 1
How related:
The vulnerability in question is CVE-2026-44747 (CVSS score: 9.9), an out-of-bounds write flaw that allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could lead to unauthorized data access, modification, or system unavailability.
About this happening:
SAP's **July 2026 security patch day** resolved **CVE-2026-44747**, a **memory corruption bug** in **NetWeaver Application Server ABAP** that could let attackers **access and modi...
SAP NetWeaver Application Server ABAP memory corruption memory corruption flaw (CVE-2026-44747)
VulnerabilityHow related: The vulnerability in question is CVE-2026-44747 (CVSS score: 9.9), an out-of-bounds write flaw that allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could lead to unauthorized data access, modification, or system unavailability.
About this happening: SAP's **July 2026 security patch day** resolved **CVE-2026-44747**, a **memory corruption bug** in **NetWeaver Application Server ABAP** that could let attackers **access and modi...
SAP July 2026 security patch day
Security Patch Release
H score40
First: 14.07.2026 14:17
Last: 14.07.2026 14:17
Sources 1
About this happening:
**SAP** released **19 new and updated security notes** for its **July 2026 security patch day**, covering **NetWeaver**, **Approuter**, **Commerce Cloud**, and other products with...
SAP July 2026 security patch day
Security Patch ReleaseAbout this happening: **SAP** released **19 new and updated security notes** for its **July 2026 security patch day**, covering **NetWeaver**, **Approuter**, **Commerce Cloud**, and other products with...
Fortinet security patch release for CVE-2026-25089
Security Patch Release
H score44
First: 10.06.2026 18:10
Last: 10.06.2026 18:10
Sources 1
About this happening:
**Fortinet**, **Ivanti**, and **SAP** released **security updates** that address multiple **critical vulnerabilities** across **FortiSandbox**, **Ivanti Sentry**, and **SAP** prod...
Fortinet security patch release for CVE-2026-25089
Security Patch ReleaseAbout this happening: **Fortinet**, **Ivanti**, and **SAP** released **security updates** that address multiple **critical vulnerabilities** across **FortiSandbox**, **Ivanti Sentry**, and **SAP** prod...
Latest development: 11.06.2026 09:20
Shadowserver reported large-scale exploitation attempts against Internet-exposed Ivanti Sentry gateways after CVE-2026-10520 was patched in R10.5.2, R10.6.2, and R10.7.1, saying it saw 19 vulnerable instances and at least 2 backdoored systems and warning that unpatched devices were most likely compromised.
Timeline
-
14.07.2026 21:17 2 articles · 4h ago
SAP recommends SICF workaround for CVE-2026-44747
Mitigation Patch UpdateGuidance for CVE-2026-44747 advised disabling all ICF nodes with a specific property in transaction SICF as a temporary workaround for SAP NetWeaver Application Server ABAP, while also recommending installation of the patching ABAP Kernel version because the workaround can disable opening transactions in SAP GUI for HTML.
Show sources
- SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data — thehackernews.com — 14.07.2026 21:17
- SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data — thehackernews.com — 14.07.2026 21:17