Skip to main content

Sap Netweaver Application Server Abap CVE-2026-44747

| EUVDEUVD-2026-43586 CRITICAL
Out-of-bounds Write (CWE-787)
2026-07-14 sap GHSA-wpx3-vvrc-3w8m
9.9
CVSS 3.1 · Vendor: sap
Share

Severity by source

Vendor (sap) PRIMARY
9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from Vendor (sap) · only source for this CVE.

CVSS VectorVendor: sap

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 01:17 vuln.today
CVE Published
Jul 14, 2026 - 00:19 cve.org
CRITICAL 9.9

DescriptionCVE.org

SAP NetWeaver Application Server ABAP allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could lead to unauthorized data access, modification, or system unavailability. This has high impact on confidentiality, integrity, and availability of the application.

AnalysisAI

Memory corruption in SAP NetWeaver Application Server ABAP lets an authenticated attacker exploit logical flaws in memory management (an out-of-bounds write) to read or alter data and crash the system, with high impact on confidentiality, integrity, and availability. SAP rates it CVSS 9.9 with a changed scope, meaning a low-privileged user can affect components beyond their own authorization boundary. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Recommended ActionAI

Within 24 hours, identify and catalog all production and development SAP NetWeaver ABAP instances, audit which users hold authentication credentials, and revoke or strictly limit access permissions for non-critical accounts; simultaneously activate detailed logging of database transactions and system-level API calls to generate forensic evidence if exploitation occurs. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-44747 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy