medium2026-07-14SAP CRMCVE-2026-44768
Security Misconfiguration in SAP CRM WebClient UI
SAP CRM WebClient UI
Our Take
Low blast radius — requires authentication and CRM access. If you run SAP CRM (as opposed to having migrated to S/4HANA), include in your next planned window.
Vulnerability Detail
A security misconfiguration in the SAP CRM WebClient UI exposes internal configuration or session information that could be leveraged by an authenticated attacker to gain additional access or map internal system structure.
Patch Action
Apply SAP Note 3155685. Verify affected versions in the official SAP Note.
Patch Info