SAP security patch release for CVE-2026-44747
Security Patch Release
Summary
Hide ▲
Show ▼
SAP's July 2026 security updates now cover multiple vulnerabilities, including a critical SAP NetWeaver Application Server ABAP flaw. The bundle includes CVE-2026-44747, CVE-2026-27690, and CVE-2026-44761, spanning memory corruption, request smuggling, and default-credential exposure. SAP and Onapsis also provided a temporary workaround for the ABAP issue, but the recommended path is to install the ABAP Kernel patch. No evidence of exploitation in the wild was identified.
Related Happenings
SAP NetWeaver Application Server ABAP SICF workaround for CVE-2026-44747
Advisory/Mitigation
H score40
First: 14.07.2026 21:17
Last: 14.07.2026 21:17
Sources 1
How related:
"As a temporary workaround the note proposes to disable all ICF nodes with a specific property in transaction SICF," SAP security firm Onapsis said. "Since the workaround will disable opening transactions in SAP GUI for HTML, it is not an option for all customers and it is strongly recommended to install the patching ABAP Kernel version."
About this happening:
**SAP NetWeaver Application Server ABAP** customers now have a temporary workaround for **CVE-2026-44747** that can reduce exposure to **memory corruption**. The mitigation disabl...
SAP NetWeaver Application Server ABAP SICF workaround for CVE-2026-44747
Advisory/MitigationHow related: "As a temporary workaround the note proposes to disable all ICF nodes with a specific property in transaction SICF," SAP security firm Onapsis said. "Since the workaround will disable opening transactions in SAP GUI for HTML, it is not an option for all customers and it is strongly recommended to install the patching ABAP Kernel version."
About this happening: **SAP NetWeaver Application Server ABAP** customers now have a temporary workaround for **CVE-2026-44747** that can reduce exposure to **memory corruption**. The mitigation disabl...
SAP July 2026 security updates
Security Patch Release
H score31
First: 14.07.2026 14:42
Last: 14.07.2026 14:42
Sources 1
About this happening:
SAP's **July 2026 security updates** address **16 vulnerabilities** across **NetWeaver, Commerce Cloud, and AppRouter**, including **three critical flaws**. The release closes a *...
SAP July 2026 security updates
Security Patch ReleaseAbout this happening: SAP's **July 2026 security updates** address **16 vulnerabilities** across **NetWeaver, Commerce Cloud, and AppRouter**, including **three critical flaws**. The release closes a *...
SAP July 2026 security patch day
Security Patch Release
H score40
First: 14.07.2026 14:17
Last: 14.07.2026 14:17
Sources 1
About this happening:
**SAP** released **19 new and updated security notes** for its **July 2026 security patch day**, covering **NetWeaver**, **Approuter**, **Commerce Cloud**, and other products with...
SAP July 2026 security patch day
Security Patch ReleaseAbout this happening: **SAP** released **19 new and updated security notes** for its **July 2026 security patch day**, covering **NetWeaver**, **Approuter**, **Commerce Cloud**, and other products with...
Fortinet security patch release for CVE-2026-25089
Security Patch Release
H score44
First: 10.06.2026 18:10
Last: 10.06.2026 18:10
Sources 1
About this happening:
**Fortinet**, **Ivanti**, and **SAP** released **security updates** that address multiple **critical vulnerabilities** across **FortiSandbox**, **Ivanti Sentry**, and **SAP** prod...
Fortinet security patch release for CVE-2026-25089
Security Patch ReleaseAbout this happening: **Fortinet**, **Ivanti**, and **SAP** released **security updates** that address multiple **critical vulnerabilities** across **FortiSandbox**, **Ivanti Sentry**, and **SAP** prod...
Latest development: 11.06.2026 09:20
Shadowserver reported large-scale exploitation attempts against Internet-exposed Ivanti Sentry gateways after CVE-2026-10520 was patched in R10.5.2, R10.6.2, and R10.7.1, saying it saw 19 vulnerable instances and at least 2 backdoored systems and warning that unpatched devices were most likely compromised.
SAP June 2026 Security Patch package for NetWeaver and Commerce Cloud
Security Patch Release
H score24
First: 09.06.2026 22:36
Last: 09.06.2026 22:36
Sources 1
About this happening:
**SAP** released fixes for **15 vulnerabilities** in its **June 2026 Security Patch** package, including four **critical** flaws in **SAP NetWeaver** and **SAP Commerce Cloud** th...
SAP June 2026 Security Patch package for NetWeaver and Commerce Cloud
Security Patch ReleaseAbout this happening: **SAP** released fixes for **15 vulnerabilities** in its **June 2026 Security Patch** package, including four **critical** flaws in **SAP NetWeaver** and **SAP Commerce Cloud** th...
Timeline
-
14.07.2026 21:17 2 articles · 4h ago
SAP issues July 2026 security updates for multiple critical vulnerabilities
Mitigation Patch UpdateSAP rolled out July 2026 security updates that address CVE-2026-44747 in SAP NetWeaver Application Server ABAP, CVE-2026-27690 in SAP Approuter deployments in non-Cloud Foundry environments, and CVE-2026-44761 in SAP Commerce Cloud. SAP and Onapsis described a temporary workaround for the ABAP issue that disables ICF nodes with a specific property in transaction SICF, but recommended installing the patching ABAP Kernel version instead. Customers were also advised to audit production environments for the affected sample OAuth 2.0 client and remove it if present, and there was no evidence of exploitation in the wild.
Show sources
- SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data — thehackernews.com — 14.07.2026 21:17
- SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data — thehackernews.com — 14.07.2026 21:17