medium2026-04-14SAP NetWeaverCVE-2026-27674

Code Injection vulnerability in SAP NetWeaver AS Java (Web Dynpro)

SAP NetWeaver Application Server Java (Web Dynpro Java)

Our Take

NetWeaver Java is in fewer shops these days but Web Dynpro is still widely used. Schedule for your next patch window.

Vulnerability Detail

Code injection vulnerability in the Web Dynpro Java runtime. An attacker could potentially inject and execute arbitrary code through the affected component.

Patch Action

Apply SAP Note 3719397.

Affected Versions

WD-RUNTIME 7.50

Patch Info

Timing

🟡 Next patch window

CVSS Score

6.1

SAP Note

3719397 ↗

CVE

CVE-2026-27674

Published

2026-04-14

Timing recommendations are editorial. Verify against official SAP Security Notes before acting on production systems.

← All patches