Find notable cyber news and cases, enriched with sources, timelines, and signals.

SAP NetWeaver Application Server ABAP SICF workaround for CVE-2026-44747

Advisory/Mitigation
First reported
Last updated
Happening score
H score 40
1 unique sources, 1 articles

Summary

Hide ▲

SAP NetWeaver Application Server ABAP customers now have a temporary workaround for CVE-2026-44747 that can reduce exposure to memory corruption. The mitigation disables specific ICF nodes in transaction SICF, which may break SAP GUI for HTML opening transactions. Because the workaround is disruptive, the guidance strongly recommends installing the ABAP Kernel patch.

Related Happenings

SAP security patch release for CVE-2026-44747

Security Patch Release
H score40 First: 14.07.2026 21:17 Last: 14.07.2026 21:17 Sources 1

How related: SAP has rolled out updates to address multiple vulnerabilities as part of its July 2026 security updates, including a critical flaw in SAP NetWeaver Application Server ABAP.

About this happening: SAP's **July 2026 security updates** now cover **multiple vulnerabilities**, including a critical **SAP NetWeaver Application Server ABAP** flaw. The bundle includes **CVE-2026-44...

SAP July 2026 security updates

Security Patch Release
H score31 First: 14.07.2026 14:42 Last: 14.07.2026 14:42 Sources 1

About this happening: SAP's **July 2026 security updates** address **16 vulnerabilities** across **NetWeaver, Commerce Cloud, and AppRouter**, including **three critical flaws**. The release closes a *...

SAP NetWeaver Application Server ABAP memory corruption memory corruption flaw (CVE-2026-44747)

Vulnerability
H score35 First: 14.07.2026 14:17 Last: 14.07.2026 14:17 Sources 1

How related: The vulnerability in question is CVE-2026-44747 (CVSS score: 9.9), an out-of-bounds write flaw that allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could lead to unauthorized data access, modification, or system unavailability.

About this happening: SAP's **July 2026 security patch day** resolved **CVE-2026-44747**, a **memory corruption bug** in **NetWeaver Application Server ABAP** that could let attackers **access and modi...

SAP July 2026 security patch day

Security Patch Release
H score40 First: 14.07.2026 14:17 Last: 14.07.2026 14:17 Sources 1

About this happening: **SAP** released **19 new and updated security notes** for its **July 2026 security patch day**, covering **NetWeaver**, **Approuter**, **Commerce Cloud**, and other products with...

Fortinet security patch release for CVE-2026-25089

Security Patch Release
H score44 First: 10.06.2026 18:10 Last: 10.06.2026 18:10 Sources 1

About this happening: **Fortinet**, **Ivanti**, and **SAP** released **security updates** that address multiple **critical vulnerabilities** across **FortiSandbox**, **Ivanti Sentry**, and **SAP** prod...

Latest development: 11.06.2026 09:20

Shadowserver reported large-scale exploitation attempts against Internet-exposed Ivanti Sentry gateways after CVE-2026-10520 was patched in R10.5.2, R10.6.2, and R10.7.1, saying it saw 19 vulnerable instances and at least 2 backdoored systems and warning that unpatched devices were most likely compromised.

Timeline

  1. 14.07.2026 21:17 2 articles · 4h ago

    SAP recommends SICF workaround for CVE-2026-44747

    Mitigation Patch Update

    Guidance for CVE-2026-44747 advised disabling all ICF nodes with a specific property in transaction SICF as a temporary workaround for SAP NetWeaver Application Server ABAP, while also recommending installation of the patching ABAP Kernel version because the workaround can disable opening transactions in SAP GUI for HTML.

    Show sources