// #cve-2026-44748

2 articles

SAP Landscape Security Assessment: Managing NetWeaver Vulnerabilities Across Enterprise ERP Environments

CVE-2026-44748 (CVSS 9.9) in SAP NetWeaver ABAP is the second critical SAP vulnerability of 2026 affecting SAML authentication. Enterprise organisations running complex SAP landscapes with multiple NetWeaver instances face challenges in identifying which systems are affected, prioritising patching across landscape tiers, and assessing whether compromise indicators are present.

Jun 12, 2026 #sap +8

⚖️ Risk Mgmt

SAP June 2026 Security Patch Day: CVSS 9.9 SAML Authentication Bypass CVE-2026-44748 in NetWeaver ABAP

SAP's June 2026 Security Patch Day includes CVE-2026-44748, a CVSS 9.9 authentication bypass in SAP NetWeaver Application Server ABAP that allows unauthenticated remote attackers to forge SAML assertions and impersonate any user including system administrators. Twenty-one additional CVEs were patched, including three rated Critical.

Jun 9, 2026 #sap +8