We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.
The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and
suggestions.
×
Yikes, there is work to do!
This time we found critical correction advisiories. We count 45 and the highest
CVSS
score is 9.9.
Severity
SAP© Security advisories 45
System Types
Affected SAP© system types
3697099
CVSS
9.9
Affected system type
ABAP
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-0488] Code Injection vulnerability in SAP CRM and SAP S/4HANA (Scripting Editor)
3674774
CVSS
9.6
Affected system type
Kernel
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-0509] Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform
3697979
CVSS
9.1
Affected system type
ABAP
Patchday
2026-02
Released on
2026/01/13
Description
[CVE-2026-0491] Code Injection vulnerability in SAP Landscape Transformation
3697567
CVSS
8.8
Affected system type
ABAP
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-23687] XML Signature Wrapping in SAP NetWeaver AS ABAP and ABAP Platform
3705882
CVSS
7.7
Affected system type
ABAP
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-24322] Missing Authorization check in SAP Solution Tools Plug-In (ST-PI)
3697256
CVSS
7.7
Affected system type
BI/BO platform
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-24325] Cross Site Scripting (XSS) vulnerability in SAP BusinessObjects Enterprise (Central Management Console)
3703092
CVSS
7.7
Affected system type
ABAP
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-23689] Denial of service (DOS) in SAP Supply Chain Management
3678282
CVSS
7.5
Affected system type
BI/BO platform
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-0485] Denial of service (DOS) vulnerability in SAP BusinessObjects BI Platform
3654236
CVSS
7.5
Affected system type
BI/BO platform
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-0490] Denial of service (DOS) in SAP BusinessObjects BI Platform
3692405
CVSS
7.4
Affected system type
SAP Commerce Cloud
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2025-12383] Race Condition in SAP Commerce Cloud
3674246
CVSS
7.3
Affected system type
BI/BO platform
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-0508] Open Redirect vulnerability in SAP BusinessObjects Business Intelligence Platform
3688319
CVSS
6.1
Affected system type
ABAP
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-24328] Open Redirection vulnerability in Business Server Pages Application (TAF_APPLAUNCHER)
3678417
CVSS
6.1
Affected system type
ABAP
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-0505] Multiple vulnerabilities in BSP Applications of SAP Document Management System
3503138
CVSS
6.0
Affected system type
SAP GUI / Frontend
Patchday
2026-02
Released on
2025/01/14
Description
[CVE-2025-0059] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)
3689543
CVSS
5.9
Affected system type
SAP Commerce Cloud
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-23684] Race condition vulnerability in SAP Commerce Cloud
3679346
CVSS
5.8
Affected system type
SAP Business One
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-24319] Information Disclosure Vulnerability in SAP Business One (B1 Client Memory Dump Files)
3687771
CVSS
5.3
Affected system type
SAP Commerce Cloud
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-24321] Information Disclosure vulnerability in SAP Commerce Cloud
3710111
CVSS
5.2
Affected system type
ABAP
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-24312] Missing authorization check in SAP Business Workflow
3678009
CVSS
5.2
Affected system type
ABAP
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-24326] Missing authorization check in SAP S/4HANA Defense & Security (Disconnected Operations)
3691645
CVSS
5.2
Affected system type
ABAP
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-0486] Missing Authorization Check in ABAP based SAP systems
3687285
CVSS
4.4
Affected system type
Java
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-23685] Insecure Deserialization vulnerability in SAP NetWeaver (JMS service)
3215823
CVSS
4.3
Affected system type
ABAP
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-23688] Missing Authorization check in SAP Fiori App (Manage Service Entry Sheets - Lean Services)
3680416
CVSS
4.3
Affected system type
ABAP
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-23681] Missing Authorization check in a function module in SAP Support Tools Plug-In
3122486
CVSS
4.3
Affected system type
ABAP
Patchday
2026-02
Released on
2026/01/27
Description
[CVE-2026-23683] Missing Authorization check in SAP Fiori App (Intercompany Balance Reconciliation)
3680390
CVSS
4.3
Affected system type
ABAP
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-24327] Missing Authorization Check in SAP Strategic Enterprise Management (Balanced Scorecard in BSP Application)
3673213
CVSS
3.4
Affected system type
Java
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-23686] CRLF Injection vulnerability in SAP NetWeaver Application Server Java
3678313
CVSS
3.1
Affected system type
Kernel
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-24320] Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)
3687749
CVSS
9.9
Affected system type
ABAP
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0501] SQL Injection Vulnerability in SAP S/4HANA Private Cloud and On-Premise (Financials – General Ledger)
3668679
CVSS
9.6
Affected system type
SAP Solution Manager...
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0500] Remote code execution in SAP Wily Introscope Enterprise Manager (WorkStation)
3683579
CVSS
9.6
Affected system type
SAP Commerce Cloud
Patchday
2026-01
Released on
2025/12/09
Description
Multiple vulnerabilities in Apache Tomcat within SAP Commerce Cloud
3694242
CVSS
9.1
Affected system type
ABAP
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0498] Code Injection vulnerability in SAP S/4HANA (Private Cloud and On-Premise)
3685286
CVSS
9.1
Affected system type
SAP Adaptive Server...
Patchday
2026-01
Released on
2025/12/09
Description
[CVE-2025-42928] Deserialization Vulnerability in SAP jConnect - SDK for ASE
3691059
CVSS
8.8
Affected system type
HANA
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0492] Privilege escalation vulnerability in SAP HANA database
3675151
CVSS
8.4
Affected system type
Kernel
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0507] OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK
3688703
CVSS
8.1
Affected system type
ABAP
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0506] Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform
3565506
CVSS
8.1
Affected system type
ABAP
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0511] Multiple vulnerabilities in SAP Fiori App (Intercompany Balance Reconciliation)
3681523
CVSS
6.4
Affected system type
ABAP
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0503] Missing Authorization check in SAP ERP Central Component and SAP S/4HANA (SAP EHS Management)
3666061
CVSS
6.1
Affected system type
SAP Business Connector
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0514] Cross-Site Scripting (XSS) vulnerability in SAP Business Connector
3687372
CVSS
6.1
Affected system type
Java
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0499] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal
3638716
CVSS
4.7
Affected system type
ABAP
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0513] Open Redirect Vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog)
3677111
CVSS
4.3
Affected system type
ABAP
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0497] Missing Authorization check in Business Server Pages Application (Product Designer Web UI)
3655229
CVSS
4.3
Affected system type
ABAP
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0493] Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App (Intercompany Balance Reconciliation)
3655227
CVSS
4.3
Affected system type
ABAP
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0494] Information Disclosure vulnerability in SAP Fiori App (Intercompany Balance Reconciliation)
3657998
CVSS
3.8
Affected system type
IDM
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0504] Insufficient Input Handling in JNDI Operations of SAP Identity Management
3593356
CVSS
3.0
Affected system type
Java
Patchday
2026-01
Released on
2026/01/13
Description
[CVE-2026-0510] Obsolete Encryption Algorithm Used in NW AS Java UME User Mapping