July 2026 · 17 notes

Patch Intelligence

SAP Security Patches

Every SAP Security Note from Patch Tuesday, ranked by what actually matters to your landscape. Tier 1 products are in almost every SAP shop — missing a patch there is career-ending for BASIS admins.

3

Critical

6

High

7

Medium

1

Low

Severity
Timing

Tier 1 · Always covered

7 patches

Products in virtually every SAP environment. Patch these first, every month.

T12026-07-14
SAP NetWeaver

Memory Corruption in SAP NetWeaver AS ABAP Internet Transaction Server

A memory corruption vulnerability in the Internet Transaction Server (ITS) component of SAP NetWeaver AS ABAP allows a remote attacker to send specially crafted HTTP requests that corrupt memory, enabling arbitrary code execution. Successful exploitation compromises confidentiality, integrity, and availability of the affected system. The CVSS 9.9 score reflects broad version coverage and low exploit complexity.

🔴Patch immediately
#3747367CVSS 9.9
T12026-07-14
SAP NetWeaver

Cross-Site Scripting in SAP NetWeaver AS Java Configuration Wizard

Unauthenticated cross-site scripting vulnerability in the Configuration Wizard component of SAP NetWeaver Application Server Java. An attacker can craft a malicious URL targeting the Configuration Wizard that, when visited by an authenticated administrator, executes scripts in the victim's browser context — potentially enabling session hijacking or administrative action injection.

#3748227CVSS 8.2
T12026-07-14
SAP NetWeaver

Remote Code Execution in SAP Change and Transport System Attach Tool

An insecure deserialization vulnerability in the SAP Change and Transport System Attach Tool (ctsattach) allows an attacker with network access to the tool to send a maliciously crafted payload that triggers remote code execution on the server hosting ctsattach. The CTS Attach Tool is used for attaching external systems to the SAP Change and Transport System.

#3773304CVSS 7.6
T12026-07-14
SAP NetWeaver

Open Redirect in SAP NetWeaver AS ABAP Internet Transaction Server

An open redirect vulnerability in the Internet Transaction Server (ITS) component of SAP NetWeaver AS ABAP allows an unauthenticated attacker to craft a URL that redirects users to an external attacker-controlled domain, enabling phishing attacks targeting SAP users.

#3692004CVSS 6.1
T12026-07-14
SAP NetWeaver

Cross-Site Scripting in SAP NetWeaver AS ABAP Business Server Pages

Cross-site scripting vulnerability in the Business Server Pages (BSP) component of SAP NetWeaver AS ABAP. An attacker can craft a URL targeting a BSP application that, when visited by an authenticated user, executes scripts in the victim's browser context.

#3754659CVSS 4.7
T12026-07-14
SAP S/4HANA

Missing Authorization Check in SAP S/4HANA Draft Operations

Missing authorisation check in the Draft Operations functionality within the Cash and Liquidity Management component of SAP S/4HANA. An authenticated user can access or modify draft financial documents beyond their intended authorisation scope.

#3515598CVSS 4.3
T12026-07-14
SAP S/4HANA

Missing Authorization Check in SAP S/4HANA Single Payment

Missing authorisation check in the Single Payment functionality of SAP S/4HANA Accounts Payable Fiori app. An authenticated attacker can initiate or view payment transactions beyond their intended authorisation, potentially triggering or viewing financial payments without proper approval.

#3713902CVSS 4.3

Tier 2 · Covered when notable

8 patches

Products with real deployments that have something worth acting on this month.

T22026-07-14
SAP Approuter

HTTP Request Smuggling in SAP Approuter

An HTTP request smuggling vulnerability in SAP Approuter allows an unauthenticated remote attacker to inject malicious HTTP requests that are interpreted differently by the Approuter and the upstream application server. This can be used to bypass security controls, hijack authenticated sessions, or poison server-side caches. Exploitable in non-Cloud Foundry deployment environments.

🔴Patch immediately
#3720138CVSS 9.1
T22026-07-14
SAP Commerce Cloud

Hardcoded Sample OAuth2 Credentials in SAP Commerce Cloud OCC

SAP Commerce Cloud ships sample OAuth2 credentials in default configuration files for the OCC (Omnichannel Commerce) API layer. These sample credentials remain active in production environments where the default configuration has not been explicitly replaced. An attacker who discovers these credentials — which are publicly documented in SAP sample code — gains authenticated API access with the permissions of the sample client, potentially enabling unauthorised data access and modification across the commerce platform.

🔴Patch immediately
#3753495CVSS 9.1
T22026-07-14
SAP Integration Suite

Apache Camel Vulnerabilities in SAP Integration Suite Edge Integration Cell

Multiple deserialization and code execution vulnerabilities in the Apache Camel framework (CVE-2026-40860, CVE-2026-40453, CVE-2026-33454) affect SAP Integration Suite Edge Integration Cell deployments prior to version 8.43.11. Successful exploitation can allow an attacker with access to integration endpoints to trigger remote code execution via malicious payloads in Camel routes.

#3758101CVSS 8.8
T22026-07-14
SAProuter

DLL Hijacking in SAProuter for Windows

A DLL hijacking vulnerability in the SAProuter Windows installation allows a local attacker with write access to the SAProuter directory to place a malicious DLL that is loaded on SAProuter startup, resulting in arbitrary code execution with the privileges of the SAProuter process. SAProuter typically runs with elevated permissions and has network access to all SAP systems in the landscape.

#3692165CVSS 8.4
T22026-07-14
SAP Approuter

Open Redirect in SAP Approuter OAuth2 Login Flow

An open redirect vulnerability in the OAuth2 login flow of SAP Approuter allows an unauthenticated attacker to craft a URL that redirects users to an attacker-controlled domain after authentication. This enables phishing attacks that harvest SAP credentials or tokens by redirecting victims post-login.

#3741519CVSS 8.1
T22026-07-14
SAP Commerce Cloud

Multiple Apache Tomcat Vulnerabilities in SAP Commerce Cloud

Multiple Apache Tomcat vulnerabilities (CVE-2026-43512, CVE-2026-41293, CVE-2026-43515) in the embedded Tomcat server of SAP Commerce Cloud. The flaws include memory management issues and request handling defects in Tomcat that can be exploited to cause denial of service or, under specific conditions, trigger further compromise of the Commerce Cloud application server.

#3763800CVSS 8.1
T22026-07-14
SAP NetWeaver

Reflected XSS in SAP NetWeaver Enterprise Portal

Reflected cross-site scripting vulnerability in URL parameters of SAP NetWeaver Enterprise Portal. An attacker can craft a malicious URL that, when visited by an authenticated portal user, executes scripts in the victim's browser context, enabling session hijacking or credential theft.

#3746678CVSS 6.1
T22026-07-14
SAP S/4HANA

SQL Injection in SAP S/4HANA Portfolio and Project Management

SQL injection vulnerability in the Portfolio and Project Management (PPM) module of SAP S/4HANA. An authenticated attacker can inject SQL statements through unsanitised input fields, potentially accessing or modifying project and portfolio data beyond their authorised scope.

#3537373CVSS 5.5

Previous months