We've created the first-of-its-kind SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.

Yikes, there is work to do!
This time we found critical correction advisories. We count 16 and the highest CVSS score is 10.0.

[Charts: Severity (SAP© Security advisories: 16); System Types (Affected SAP© system types)]

3747787
CVSS
10.0

Affected system type BTP
Patchday 2026-05
Released on 2026/04/29
Description 3747787 - Malicious open-source packages in SAP Cloud Application Programming Model & MTA Build Tool
3733064
CVSS
9.6

Affected system type SAP Commerce Cloud
Patchday 2026-05
Released on 2026/05/12
Description 3733064 - [CVE-2026-34263] Missing authentication check in SAP Commerce Cloud configuration
3724838
CVSS
9.6

Affected system type ABAP
Patchday 2026-05
Released on 2026/05/12
Description 3724838 - [CVE-2026-34260] SQL injection vulnerability in SAP S/4HANA (SAP Enterprise Search for ABAP)
3730019
CVSS
6.5

Affected system type ABAP
Patchday 2026-05
Released on 2026/05/12
Description 3730019 - [CVE-2026-40135] OS Command Injection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform
3718083
CVSS
6.3

Affected system type ABAP
Patchday 2026-05
Released on 2026/05/12
Description 3718083 - [CVE-2026-40133] Missing Authorization check in SAP S/4HANA Condition Maintenance
3727717
CVSS
6.1

Affected system type ABAP
Patchday 2026-05
Released on 2026/05/12
Description 3727717 - [CVE-2026-40137] Cross-Site Scripting (XSS) vulnerability in Business Server Pages Application (TAF_APPLAUNCHER)
3667593
CVSS
5.4

Affected system type BI/BO platform
Patchday 2026-05
Released on 2026/05/12
Description 3667593 - [CVE-2026-0502] Cross Site Request Forgery (CSRF) in SAP BusinessObjects Business Intelligence Platform
3721959
CVSS
5.4

Affected system type ABAP
Patchday 2026-05
Released on 2026/05/12
Description 3721959 - [CVE-2026-40132] Missing Authorization Check in SAP Strategic Enterprise Management (BSP application Balanced Scorecard Wizard)
3716450
CVSS
4.8

Affected system type SAP Commerce Cloud
Patchday 2026-05
Released on 2026/05/12
Description 3716450 - [CVE-2025-68161] Potential Improper Certificate Validation in SAP Commerce Cloud (Apache Log4j)
3726583
CVSS
4.7

Affected system type SAP UI5
Patchday 2026-05
Released on 2026/05/12
Description 3726583 - [CVE-2026-34258] Content Spoofing vulnerability in SAPUI5 (Search UI)
3728690
CVSS
4.7

Affected system type ABAP
Patchday 2026-05
Released on 2026/05/12
Description 3728690 - [CVE-2026-27682] Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages)
3433366
CVSS
4.3

Affected system type ABAP
Patchday 2026-05
Released on 2026/05/26
Description [CVE-2026-44749] Information Disclosure vulnerability in SAP Gateway
3718508
CVSS
4.3

Affected system type ABAP
Patchday 2026-05
Released on 2026/05/12
Description 3718508 - [CVE-2026-40134] Missing Authorization Check in SAP Incentive and Commission Management
3735359
CVSS
4.3

Affected system type ABAP
Patchday 2026-05
Released on 2026/05/12
Description 3735359 - [CVE-2026-40129] Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform
3713521
CVSS
4.3

Affected system type SAP Financial Consolidation
Patchday 2026-05
Released on 2026/05/12
Description 3713521 - [CVE-2026-40136] Denial of service (DoS) in SAP Financial Consolidation
3726962
CVSS
3.4

Affected system type HANA platform
Patchday 2026-05
Released on 2026/05/12
Description 3726962 - [CVE-2026-40131] SQL Injection vulnerability in SAP HANA Deployment Infrastructure (HDI) deploy library