OAuth2 Client Vulnerability in SAP Commerce Cloud
CVE-2026-44761
9.1CRITICAL
What is CVE-2026-44761?
SAP Commerce Cloud contains a vulnerability where a sample OAuth2 client, equipped with publicly available credentials from the SAP Help Portal documentation, may remain unchanged. This presents a significant security risk, as an unauthenticated attacker could utilize these predictable credentials to gain valid access tokens. Once obtained, the attacker can invoke certain APIs, potentially compromising confidentiality and integrity by accessing and altering sensitive data. Immediate attention to the configuration and management of these credentials is essential to prevent unauthorized access.
Affected Version(s)
SAP Commerce Cloud HY_COM 2205
SAP Commerce Cloud COM_CLOUD 2211
SAP Commerce Cloud 2211-JDK21