Threat Advisory

SAP NetWeaver Vulnerability Allows Remote Code Execution

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

A series of critical vulnerabilities has been identified within key enterprise software environments, necessitating immediate remediation across core infrastructure components. These flaws, which impact SAP NetWeaver and Commerce Cloud, carry CVSS scores as high as 9.9, posing significant risks of arbitrary code execution, unauthorized identity manipulation, and complete system compromise. Organizations relying on these platforms must treat these vulnerabilities as high-priority security concerns to maintain the integrity and confidentiality of sensitive business data and operational stability.

  • CVE-2026-44748: This vulnerability involves an XML Signature Wrapping issue within the SAML authentication stack of the ABAP platform. An authenticated attacker can manipulate signed XML documents to present tampered identity information to the verifier, potentially bypassing authentication mechanisms. This exploitation allows for unauthorized access to sensitive user data and disruption of standard system operations.
  • CVE-2026-27671: A critical memory corruption vulnerability exists within the Application Server ABAP kernel. By sending specifically crafted RFC requests, an unauthenticated remote attacker can trigger logic errors in memory management. Successful exploitation can result in full system compromise through arbitrary code execution, making this a top-tier threat to the underlying server environment.
  • CVE-2026-22732: This vulnerability impacts the Spring Security framework utilized within Commerce Cloud and Data Hub. It enables unauthenticated attackers to bypass security controls by exploiting flaws in how HTTP response headers are handled. The resulting impact compromises the security posture of the application, affecting both confidentiality and integrity for exposed business platforms.
  • CVE-2026-40128: A directory traversal flaw resides in the Web Container of the NetWeaver Application Server Java. Unauthenticated attackers can submit malicious HTTP logon requests that traverse outside designated directories, allowing unauthorized access to sensitive files. This compromise can lead to the exposure of configuration data or facilitate further exploitation to cause a denial of service.
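The XML Signature Wrapping issue in the first item comes down to one logic error: a verifier confirms that a signature is valid and then reads identity data from an element other than the one the signature covers. The following is an added example, not code from the advisory or from SAP, that models that error and its fix in a deliberately simplified form: the "signature" is an HMAC over the canonical SignedInfo under a constructed key (`IDP_KEY`), where real XML-DSig uses canonicalisation transforms and an asymmetric signature. The element and function names (`build_signed_response`, `verify_signature`, `naive_subject`, `hardened_subject`, `wrap_unsigned_assertion`) are this example's own.

```python
"""Simplified model of SAML signature wrapping and the check that closes it.
Added example; not SAP code. The signature is an HMAC over the canonical
SignedInfo, a stand-in for real XML-DSig, which is enough to show the point:
verifying a signature is not the same as consuming only the signed element."""
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
NSMAP = {"saml": SAML, "ds": DS}
ET.register_namespace("saml", SAML)
ET.register_namespace("ds", DS)

# Constructed key standing in for the identity provider's signing key.
IDP_KEY = b"constructed-idp-signing-key"


def canonical_digest(element):
    """SHA-256 over the canonicalised subtree (tail text excluded)."""
    el = copy.deepcopy(element)
    el.tail = None
    c14n = ET.canonicalize(ET.tostring(el, encoding="unicode"))
    return hashlib.sha256(c14n.encode()).hexdigest()


def sign_signed_info(signed_info):
    """Toy signature: HMAC over the digest of the canonical SignedInfo."""
    return hmac.new(IDP_KEY, canonical_digest(signed_info).encode(), "sha256").hexdigest()


def build_signed_response(subject):
    """Issue a Response whose Assertion (ID a-1) is covered by the signature."""
    root = ET.Element(f"{{{SAML}}}Response")
    assertion = ET.SubElement(root, f"{{{SAML}}}Assertion", ID="a-1")
    ET.SubElement(assertion, f"{{{SAML}}}Subject").text = subject
    sig = ET.SubElement(root, f"{{{DS}}}Signature")
    signed_info = ET.SubElement(sig, f"{{{DS}}}SignedInfo")
    ref = ET.SubElement(signed_info, f"{{{DS}}}Reference", URI="#a-1")
    ET.SubElement(ref, f"{{{DS}}}DigestValue").text = canonical_digest(assertion)
    ET.SubElement(sig, f"{{{DS}}}SignatureValue").text = sign_signed_info(signed_info)
    return ET.tostring(root, encoding="unicode")


def verify_signature(root):
    """Return the one element the signature covers, or None if any check fails."""
    sig = root.find("ds:Signature", NSMAP)
    signed_info = sig.find("ds:SignedInfo", NSMAP) if sig is not None else None
    if signed_info is None:
        return None
    sig_value = sig.findtext("ds:SignatureValue", default="", namespaces=NSMAP)
    if not hmac.compare_digest(sign_signed_info(signed_info), sig_value):
        return None
    ref = signed_info.find("ds:Reference", NSMAP)
    uri = ref.get("URI", "") if ref is not None else ""
    if not uri.startswith("#"):
        return None
    # The referenced ID must resolve to exactly one element; duplicate IDs are
    # one of the ambiguities a wrapped document relies on.
    matches = [e for e in root.iter() if e.get("ID") == uri[1:]]
    if len(matches) != 1:
        return None
    digest = ref.findtext("ds:DigestValue", default="", namespaces=NSMAP)
    if not hmac.compare_digest(canonical_digest(matches[0]), digest):
        return None
    return matches[0]


def naive_subject(response_xml):
    """Flawed verifier: checks the signature, then reads the first Assertion."""
    root = ET.fromstring(response_xml)
    if verify_signature(root) is None:
        return None
    return root.findtext("saml:Assertion/saml:Subject", namespaces=NSMAP)


def hardened_subject(response_xml):
    """Fixed verifier: reads the Subject only from the element that was signed."""
    root = ET.fromstring(response_xml)
    signed = verify_signature(root)
    if signed is None or signed.tag != f"{{{SAML}}}Assertion":
        return None
    return signed.findtext("saml:Subject", namespaces=NSMAP)


def wrap_unsigned_assertion(response_xml, subject):
    """Test fixture: the tampered shape a verifier must reject, an unsigned
    Assertion placed ahead of the signed one while the signature stays valid."""
    root = ET.fromstring(response_xml)
    extra = ET.Element(f"{{{SAML}}}Assertion")
    ET.SubElement(extra, f"{{{SAML}}}Subject").text = subject
    root.insert(0, extra)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    good = build_signed_response("alice")
    wrapped = wrap_unsigned_assertion(good, "admin")
    print("naive   :", naive_subject(wrapped))     # admin (valid signature, wrong element read)
    print("hardened:", hardened_subject(wrapped))  # alice
```

The design point is in `hardened_subject`: the verifier binds the identity it accepts to the element returned by `verify_signature`, so a valid signature over one Assertion cannot vouch for a different Assertion in the same document. Any signed content that is edited after signing fails the digest check in both verifiers; wrapping is dangerous precisely because it leaves the signed bytes untouched.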

The effective mitigation of these threats requires the immediate application of vendor-supplied security patches to all affected systems. Administrators should prioritize patching the highest-rated vulnerabilities while simultaneously reviewing exposed services, SAML authentication flows, and RFC reachability to minimize the potential for follow-on exploitation.

RECOMMENDATION:

REFERENCES:

The following reports contain further technical details:
https://www.bleepingcomputer.com/news/security/sap-fixes-critical-flaws-in-netweaver-and-commerce-cloud/
