We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.
The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and
suggestions.
×
Yikes, there is work to do!
This time we found critical correction advisiories. We count 29 and the highest
CVSS
score is 9.9.
Severity
SAP© Security advisories 29
System Types
Affected SAP© system types
3697099
CVSS
9.9
Affected system type
ABAP
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-0488] Code Injection vulnerability in SAP CRM and SAP S/4HANA (Scripting Editor)
3674774
CVSS
9.6
Affected system type
Kernel
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-0509] Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform
3697979
CVSS
9.1
Affected system type
ABAP
Patchday
2026-02
Released on
2026/01/13
Description
[CVE-2026-0491] Code Injection vulnerability in SAP Landscape Transformation
3697567
CVSS
8.8
Affected system type
ABAP
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-23687] XML Signature Wrapping in SAP NetWeaver AS ABAP and ABAP Platform
3705882
CVSS
7.7
Affected system type
ABAP
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-24322] Missing Authorization check in SAP Solution Tools Plug-In (ST-PI)
3697256
CVSS
7.7
Affected system type
BI/BO platform
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-24325] Cross Site Scripting (XSS) vulnerability in SAP BusinessObjects Enterprise (Central Management Console)
3703092
CVSS
7.7
Affected system type
ABAP
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-23689] Denial of service (DOS) in SAP Supply Chain Management
3678282
CVSS
7.5
Affected system type
BI/BO platform
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-0485] Denial of service (DOS) vulnerability in SAP BusinessObjects BI Platform
3654236
CVSS
7.5
Affected system type
BI/BO platform
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-0490] Denial of service (DOS) in SAP BusinessObjects BI Platform
3692405
CVSS
7.4
Affected system type
SAP Commerce Cloud
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2025-12383] Race Condition in SAP Commerce Cloud
3674246
CVSS
7.3
Affected system type
BI/BO platform
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-0508] Open Redirect vulnerability in SAP BusinessObjects Business Intelligence Platform
3672622
CVSS
6.5
Affected system type
ABAP
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-0484] Missing Authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA
3695912
CVSS
6.5
Affected system type
BI/BO platform
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-24324] Denial of service (DOS) vulnerability in SAP BusinessObjects Business Intelligence Platform (AdminTools)
3678417
CVSS
6.1
Affected system type
ABAP
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-0505] Multiple vulnerabilities in BSP Applications of SAP Document Management System
3688319
CVSS
6.1
Affected system type
ABAP
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-24328] Open Redirection vulnerability in Business Server Pages Application (TAF_APPLAUNCHER)
3503138
CVSS
6.0
Affected system type
SAP GUI / Frontend
Patchday
2026-02
Released on
2025/01/14
Description
[CVE-2025-0059] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)
3689543
CVSS
5.9
Affected system type
SAP Commerce Cloud
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-23684] Race condition vulnerability in SAP Commerce Cloud
3679346
CVSS
5.8
Affected system type
SAP Business One
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-24319] Information Disclosure Vulnerability in SAP Business One (B1 Client Memory Dump Files)
3687771
CVSS
5.3
Affected system type
SAP Commerce Cloud
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-24321] Information Disclosure vulnerability in SAP Commerce Cloud
3710111
CVSS
5.2
Affected system type
ABAP
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-24312] Missing authorization check in SAP Business Workflow
3678009
CVSS
5.2
Affected system type
ABAP
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-24326] Missing authorization check in SAP S/4HANA Defense & Security (Disconnected Operations)
3691645
CVSS
5.2
Affected system type
ABAP
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-0486] Missing Authorization Check in ABAP based SAP systems
3687285
CVSS
4.4
Affected system type
Java
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-23685] Insecure Deserialization vulnerability in SAP NetWeaver (JMS service)
3680416
CVSS
4.3
Affected system type
ABAP
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-23681] Missing Authorization check in a function module in SAP Support Tools Plug-In
3215823
CVSS
4.3
Affected system type
ABAP
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-23688] Missing Authorization check in SAP Fiori App (Manage Service Entry Sheets - Lean Services)
3680390
CVSS
4.3
Affected system type
ABAP
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-24327] Missing Authorization Check in SAP Strategic Enterprise Management (Balanced Scorecard in BSP Application)
3122486
CVSS
4.3
Affected system type
ABAP
Patchday
2026-02
Released on
2026/01/27
Description
[CVE-2026-23683] Missing Authorization check in SAP Fiori App (Intercompany Balance Reconciliation)
3673213
CVSS
3.4
Affected system type
Java
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-23686] CRLF Injection vulnerability in SAP NetWeaver Application Server Java
3678313
CVSS
3.1
Affected system type
Kernel
Patchday
2026-02
Released on
2026/02/10
Description
[CVE-2026-24320] Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)