medium2026-07-14SAP CRMCVE-2026-44768

Security Misconfiguration in SAP CRM WebClient UI

SAP CRM WebClient UI

Our Take

Low blast radius — requires authentication and CRM access. If you run SAP CRM (as opposed to having migrated to S/4HANA), include in your next planned window.

Vulnerability Detail

A security misconfiguration in the SAP CRM WebClient UI exposes internal configuration or session information that could be leveraged by an authenticated attacker to gain additional access or map internal system structure.

Patch Action

Apply SAP Note 3155685. Verify affected versions in the official SAP Note.

Patch Info

CVSS Score

4.1

SAP Note

3155685

CVE

CVE-2026-44768

Published

2026-07-14

← All patches