1 article
SAP's May 2026 Security Patch Day addresses 14 vulnerabilities including two Critical-rated flaws: a SQL injection in S/4HANA Enterprise Search (CVE-2026-34260, CVSS 9.6) and an unauthenticated remote code execution in Commerce Cloud's Spring Security configuration (CVE-2026-34263, CVSS 9.6). Organisations running SAP ERP or e-commerce infrastructure should patch immediately.