OAuth2 Client Vulnerability in SAP Commerce Cloud
CVE-2026-44761

9.1CRITICAL

Key Information:

Vendor

SAP

Vendor
CVE Published:
14 July 2026

What is CVE-2026-44761?

SAP Commerce Cloud contains a vulnerability where a sample OAuth2 client, equipped with publicly available credentials from the SAP Help Portal documentation, may remain unchanged. This presents a significant security risk, as an unauthenticated attacker could utilize these predictable credentials to gain valid access tokens. Once obtained, the attacker can invoke certain APIs, potentially compromising confidentiality and integrity by accessing and altering sensitive data. Immediate attention to the configuration and management of these credentials is essential to prevent unauthorized access.

Affected Version(s)

SAP Commerce Cloud HY_COM 2205

SAP Commerce Cloud COM_CLOUD 2211

SAP Commerce Cloud 2211-JDK21

References

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.