Find notable cyber news and cases, enriched with sources, timelines, and signals.

SAP security patch release for CVE-2026-44747

Security Patch Release
First reported
Last updated
Happening score
H score 40
1 unique sources, 1 articles

Summary

Hide ▲

SAP's July 2026 security updates now cover multiple vulnerabilities, including a critical SAP NetWeaver Application Server ABAP flaw. The bundle includes CVE-2026-44747, CVE-2026-27690, and CVE-2026-44761, spanning memory corruption, request smuggling, and default-credential exposure. SAP and Onapsis also provided a temporary workaround for the ABAP issue, but the recommended path is to install the ABAP Kernel patch. No evidence of exploitation in the wild was identified.

Related Happenings

SAP NetWeaver Application Server ABAP SICF workaround for CVE-2026-44747

Advisory/Mitigation
H score40 First: 14.07.2026 21:17 Last: 14.07.2026 21:17 Sources 1

How related: "As a temporary workaround the note proposes to disable all ICF nodes with a specific property in transaction SICF," SAP security firm Onapsis said. "Since the workaround will disable opening transactions in SAP GUI for HTML, it is not an option for all customers and it is strongly recommended to install the patching ABAP Kernel version."

About this happening: **SAP NetWeaver Application Server ABAP** customers now have a temporary workaround for **CVE-2026-44747** that can reduce exposure to **memory corruption**. The mitigation disabl...

SAP July 2026 security updates

Security Patch Release
H score31 First: 14.07.2026 14:42 Last: 14.07.2026 14:42 Sources 1

About this happening: SAP's **July 2026 security updates** address **16 vulnerabilities** across **NetWeaver, Commerce Cloud, and AppRouter**, including **three critical flaws**. The release closes a *...

SAP July 2026 security patch day

Security Patch Release
H score40 First: 14.07.2026 14:17 Last: 14.07.2026 14:17 Sources 1

About this happening: **SAP** released **19 new and updated security notes** for its **July 2026 security patch day**, covering **NetWeaver**, **Approuter**, **Commerce Cloud**, and other products with...

Fortinet security patch release for CVE-2026-25089

Security Patch Release
H score44 First: 10.06.2026 18:10 Last: 10.06.2026 18:10 Sources 1

About this happening: **Fortinet**, **Ivanti**, and **SAP** released **security updates** that address multiple **critical vulnerabilities** across **FortiSandbox**, **Ivanti Sentry**, and **SAP** prod...

Latest development: 11.06.2026 09:20

Shadowserver reported large-scale exploitation attempts against Internet-exposed Ivanti Sentry gateways after CVE-2026-10520 was patched in R10.5.2, R10.6.2, and R10.7.1, saying it saw 19 vulnerable instances and at least 2 backdoored systems and warning that unpatched devices were most likely compromised.

SAP June 2026 Security Patch package for NetWeaver and Commerce Cloud

Security Patch Release
H score24 First: 09.06.2026 22:36 Last: 09.06.2026 22:36 Sources 1

About this happening: **SAP** released fixes for **15 vulnerabilities** in its **June 2026 Security Patch** package, including four **critical** flaws in **SAP NetWeaver** and **SAP Commerce Cloud** th...

Timeline

  1. 14.07.2026 21:17 2 articles · 4h ago

    SAP issues July 2026 security updates for multiple critical vulnerabilities

    Mitigation Patch Update

    SAP rolled out July 2026 security updates that address CVE-2026-44747 in SAP NetWeaver Application Server ABAP, CVE-2026-27690 in SAP Approuter deployments in non-Cloud Foundry environments, and CVE-2026-44761 in SAP Commerce Cloud. SAP and Onapsis described a temporary workaround for the ABAP issue that disables ICF nodes with a specific property in transaction SICF, but recommended installing the patching ABAP Kernel version instead. Customers were also advised to audit production environments for the affected sample OAuth 2.0 client and remove it if present, and there was no evidence of exploitation in the wild.

    Show sources