163
CVEs
22
Critical
19
High
0
KEV
0
PoC
36
Unpatched C/H
8.0%
Patch Rate
0.1%
Avg EPSS
Severity Breakdown
CRITICAL
22
HIGH
19
MEDIUM
107
LOW
15
Monthly CVE Trend
Affected Products (30)
3D Visual Enterprise Viewer
128
Java
126
Netweaver
90
Netweaver Application Server Abap
72
Businessobjects Business Intelligence Platform
70
Netweaver Application Server Java
59
Businessobjects Business Intelligence
44
Hana
38
Open Redirect
34
Solution Manager
31
Business One
30
Adaptive Server Enterprise
29
3D Visual Enterprise Author
27
Internet Graphics Server
23
Netweaver Process Integration
21
Netweaver Enterprise Portal
20
Commerce Cloud
18
Netweaver Abap
18
Hana Extended Application Services
18
Businessobjects
17
Sap Basis
17
Disclosure Management
16
Business Objects Business Intelligence Platform
15
Host Agent
14
Enable Now
14
Customer Relationship Management Webclient Ui
12
Abap Platform
11
Supplier Relationship Management
11
Netweaver As Abap
11
Sap Kernel
10
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-44747 | Memory corruption in SAP NetWeaver Application Server ABAP lets an authenticated attacker exploit logical flaws in memory management (an out-of-bounds write) to read or alter data and crash the system, with high impact on confidentiality, integrity, and availability. SAP rates it CVSS 9.9 with a changed scope, meaning a low-privileged user can affect components beyond their own authorization boundary. There is no public exploit identified at time of analysis, but the low attack complexity and network reachability make it a high-priority patch for any exposed ABAP stack. | CRITICAL | 9.9 | 0.4% | 50 |
No patch
|
| CVE-2026-0501 | SAP S/4HANA General Ledger (Private Cloud and On-Premise) has SQL injection allowing authenticated users to read, modify, and delete backend database data with scope change (CVSS 9.9). Financial data is directly at risk. | CRITICAL | 9.9 | 0.1% | 50 |
No patch
|
| CVE-2026-27681 | SQL injection in SAP Business Planning and Consolidation (BPC) and SAP Business Warehouse (BW) allows authenticated users to execute arbitrary SQL commands against the database. Affected versions span SAP_BW 750-758, BPC4HANA 300, and HANABPC 810/816. The scope-change vector (S:C) indicates attackers can pivot beyond the vulnerable component to compromise database resources serving multiple SAP applications. Despite critical CVSS 9.9 severity, EPSS exploitation probability remains low (0.05%, 14th percentile) with CISA SSVC indicating no current exploitation and non-automatable attack profile. SAP security note 3719353 provides remediation guidance. | CRITICAL | 9.9 | 0.0% | 50 |
No patch
|
| CVE-2026-0488 | Unauthorized code execution in SAP CRM and SAP S/4HANA Scripting Editor. Authenticated attacker exploits generic function module call to execute unauthorized ABAP code. CVSS 9.9. | CRITICAL | 9.9 | 0.0% | 50 |
No patch
|
| CVE-2026-44748 | Signed XML message tampering in SAP NetWeaver Application Server ABAP and ABAP Platform allows authenticated low-privileged attackers to forge identity information by capturing a valid signed message and submitting modified signed XML documents that the verifier accepts. The scope-changing flaw (CVSS 9.9) enables unauthorized access to sensitive user data and disruption of normal operations across trust boundaries. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV. | CRITICAL | 9.9 | 0.0% | 50 |
No patch
|
| CVE-2026-27671 | Unauthenticated remote memory corruption in the SAP Kernel of SAP NetWeaver Application Server ABAP and ABAP Platform allows attackers to compromise confidentiality, integrity, and availability by sending crafted RFC requests that trigger logical errors in memory management. The CVSS 9.8 score reflects network-reachable, no-privileges, no-interaction exploitation against a foundational SAP component, though no public exploit identified at time of analysis and exploitation status beyond the vendor disclosure is not confirmed in CISA KEV. | CRITICAL | 9.8 | 0.0% | 49 |
No patch
|
| CVE-2026-0500 | SAP Wily Introscope Enterprise Manager uses a vulnerable third-party component that allows unauthenticated attackers to create malicious JNLP files at public URLs. Victims who click these URLs execute OS commands on their machines. Scope change. Patch available. | CRITICAL | 9.6 | 0.1% | 48 |
|
| CVE-2026-34263 | Arbitrary server-side code execution in SAP Commerce Cloud via unauthenticated malicious configuration upload and code injection. Attackers can remotely exploit a misconfigured Spring Security framework to upload crafted configuration files and inject code without authentication, requiring only that a user interact with malicious content (CVSS:3.1/AV:N/AC:L/PR:N/UI:R). The vulnerability affects SAP Commerce Cloud Configuration with critical impact across confidentiality, integrity, and availability. No public exploit code or CISA KEV listing identified at time of analysis, though EPSS data unavailable. Patch details available in SAP Security Note 3733064. | CRITICAL | 9.6 | 0.0% | 48 |
No patch
|
| CVE-2026-0509 | Unauthorized Remote Function Call execution in SAP NetWeaver ABAP. Low-privileged users can execute background RFCs without proper authorization checks. CVSS 9.6. | CRITICAL | 9.6 | 0.0% | 48 |
No patch
|
| CVE-2026-34260 | SQL injection in SAP S/4HANA Enterprise Search for ABAP allows authenticated attackers to extract sensitive database information and crash the application via malicious SQL statements injected through improperly validated user input. The scope change (S:C) indicates potential lateral movement beyond the vulnerable component. SAP has released security patches (SAP Note 3724838) for this critical vulnerability with CVSS 9.6. No active exploitation confirmed at time of analysis, though the authentication bypass tag suggests potential credential bypass implications. | CRITICAL | 9.6 | 0.0% | 48 |
No patch
|
| CVE-2026-44761 | Authentication bypass via well-known default credentials in SAP Commerce Cloud allows an unauthenticated remote attacker to abuse a pre-provisioned sample OAuth2 client whose client ID and secret are published in SAP Help Portal documentation. If the sample client is left in place, the attacker mints a valid OAuth2 access token and calls certain APIs to read and modify business data (CVSS 9.1, high confidentiality and integrity impact, no availability impact). No public exploit identified at time of analysis, but the credentials are publicly documented, making exploitation trivial wherever the sample configuration was never removed. | CRITICAL | 9.1 | 0.4% | 46 |
No patch
|
| CVE-2025-42958 | Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high privileged unauthorized users to read, modify, or delete sensitive information, as. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | CRITICAL | 9.1 | 0.1% | 46 |
No patch
|
| CVE-2026-0498 | SAP S/4HANA (Private Cloud and On-Premise) has the same backdoor vulnerability as CVE-2026-0491 – admin-exploitable ABAP/OS command injection via RFC function module. Patch available. | CRITICAL | 9.1 | 0.1% | 46 |
|
| CVE-2026-0491 | SAP Landscape Transformation has an admin-exploitable backdoor via RFC function module that allows injection of arbitrary ABAP code and OS commands, bypassing authorization checks. Scope change enables full SAP system compromise. | CRITICAL | 9.1 | 0.1% | 46 |
No patch
|
| CVE-2026-27685 | SAP NetWeaver Enterprise Portal Administration has an insecure deserialization vulnerability allowing privileged users to execute code through uploaded files. | CRITICAL | 9.1 | 0.0% | 46 |
No patch
|