// #abap
3 articles
SAP Landscape Security Assessment: Managing NetWeaver Vulnerabilities Across Enterprise ERP Environments
CVE-2026-44748 (CVSS 9.9) in SAP NetWeaver ABAP is the second critical SAP vulnerability of 2026 affecting SAML authentication. Enterprise organisations running complex SAP landscapes with multiple NetWeaver instances face challenges in identifying which systems are affected, prioritising patching across landscape tiers, and assessing whether compromise indicators are present.
SAP June 2026 Security Patch Day: CVSS 9.9 SAML Authentication Bypass CVE-2026-44748 in NetWeaver ABAP
SAP's June 2026 Security Patch Day includes CVE-2026-44748, a CVSS 9.9 authentication bypass in SAP NetWeaver Application Server ABAP that allows unauthenticated remote attackers to forge SAML assertions and impersonate any user including system administrators. Twenty-one additional CVEs were patched, including three rated Critical.
SAP April 2026 Patch Day: CVE-2026-34256 ABAP Code-Overwrite Lets Authenticated Attacker Sabotage Core ERP Functions
SAP's April 2026 Security Patch Day includes a fix for CVE-2026-34256, an ABAP code-overwrite vulnerability rated CVSS 7.1 that allows an authenticated attacker with low-privilege access to modify executable ABAP programme objects, potentially corrupting core business logic in SAP ERP, S/4HANA, and BW systems. The flaw requires no special administrative roles and affects all SAP NetWeaver ABAP Server releases through the current patched version.