SAP Patches Four Critical Flaws in NetWeaver and Commerce Cloud — One Lets Attackers Bypass Authentication Entirely
SAP’s June 2026 patch package fixes 15 vulnerabilities including four critical flaws in NetWeaver and Commerce Cloud. CVE-2026-44748 (CVSS 9.9) lets attackers bypass SAML authentication, while CVE-2026-27671 (CVSS 9.8) enables unauthenticated memory corruption.