Authentication Bypass Vulnerability in SAP NetWeaver Application Server
CVE-2026-44748

9.9CRITICAL

Key Information:

Vendor

SAP

Vendor
CVE Published:
9 June 2026

Badges

๐Ÿ‘พ Exploit Exists๐Ÿ“ฐ News Worthy

What is CVE-2026-44748?

The SAP NetWeaver Application Server ABAP and ABAP Platform are susceptible to a vulnerability that allows authenticated attackers with standard permissions to exploit the system. They can obtain a valid signed message and send tampered signed XML documents to the verifier. This could enable unauthorized access to sensitive user data and disrupt normal system operations. Consequently, this vulnerability poses serious risks to the confidentiality, integrity, and availability of the application.

Affected Version(s)

SAP NetWeaver AS ABAP and ABAP Platform SAP_BASIS 702

SAP NetWeaver AS ABAP and ABAP Platform SAP_BASIS 731

SAP NetWeaver AS ABAP and ABAP Platform SAP_BASIS 740

News Articles

SAP fixes critical flaws in NetWeaver and Commerce Cloud

SAP has released fixes for 15 vulnerabilities as part of its June 2026 Security Patch package, including four critical-severity flaws affecting SAP NetWeaver and SAP Commerce Cloud.

1 month ago

References

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • ๐Ÿ“ฐ

    First article discovered by BleepingComputer

  • Vulnerability published

  • Vulnerability Reserved

.