Critical | 2026-06-09 | SAP NetWeaver | CVE-2026-44748

XML Signature Wrapping in SAML Authentication of NetWeaver AS ABAP

SAP NetWeaver AS ABAP and ABAP Platform (SAML Authentication)

Our Take

CVSS 9.9, authentication bypass via identity tampering, affecting every modern BASIS release. This is the note of the month. SAML is the backbone of SSO in most enterprise SAP landscapes, so an XSW exploit here is effectively a universal skeleton key. The version range (BASIS 702 through 919) means almost every SAP shop running ABAP is exposed. This should interrupt your weekend.

Vulnerability Detail

An XML Signature Wrapping (XSW) vulnerability in the SAML Authentication component of SAP NetWeaver AS ABAP and ABAP Platform allows an authenticated attacker with low privileges to obtain a valid signed SAML message, modify the XML identity claims within the signed envelope, and replay it to the verifier. The verifier accepts the tampered document, granting the attacker access as any target user — including privileged accounts — without knowing their credentials.
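The failure mode described above is that the cryptographic signature check still passes, because the originally signed subtree is untouched, while the verifier reads its identity claims from a different part of the document. The following Python example is added here for illustration and is not SAP code or part of the SAP Note; it shows the structural binding check a SAML verifier needs on top of the cryptographic one. The sample Response documents are constructed, the SignatureValue is a placeholder, and the function assumes an XML-DSig library has already validated the signature bytes over the referenced element.

```python
import xml.etree.ElementTree as ET

# Namespaces used in SAML 2.0 responses.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

XMLNS = ('xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
         'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
         'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"')

# Constructed sample: one Assertion carrying an enveloped signature whose
# Reference points at the Assertion's own ID. SignatureValue is a placeholder;
# the cryptographic check is assumed to be done by an XML-DSig library.
SIGNED_ASSERTION = """
    <saml:Assertion ID="_a1">
      <ds:Signature>
        <ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
        <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
      </ds:Signature>
      <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
    </saml:Assertion>"""

BENIGN_RESPONSE = f"""<samlp:Response {XMLNS} ID="_r1">{SIGNED_ASSERTION}
</samlp:Response>"""

# Constructed sample of the wrapping pattern: the signed Assertion is left
# intact (so the signature bytes still verify) but sits under an element the
# verifier does not treat as the identity source, while an unsigned Assertion
# with different claims is placed where a first-match lookup finds it.
WRAPPED_RESPONSE = f"""<samlp:Response {XMLNS} ID="_r1">
  <saml:Assertion ID="_a2">
    <saml:Subject><saml:NameID>target-user</saml:NameID></saml:Subject>
  </saml:Assertion>
  <samlp:Extensions>{SIGNED_ASSERTION}
  </samlp:Extensions>
</samlp:Response>"""


def naive_name_id(xml_text: str) -> str:
    """What a verifier gets when it validates 'the' signature and then reads
    'the' NameID with a first-match lookup. Unsafe on purpose, for contrast."""
    root = ET.fromstring(xml_text)
    return root.find(".//saml:NameID", NS).text


def verify_identity(xml_text: str) -> tuple[bool, str]:
    """Bind the identity that is used to the element that was signed.
    Returns (True, name_id) on success or (False, reason) on rejection.
    Assumes the cryptographic check of SignatureValue over the referenced
    element already passed; that check alone cannot detect wrapping."""
    root = ET.fromstring(xml_text)
    parent = {child: p for p in root.iter() for child in p}

    # 1. ID attributes must be unique, otherwise "#_a1" is ambiguous.
    ids = [e.get("ID") for e in root.iter() if e.get("ID") is not None]
    if len(ids) != len(set(ids)):
        return False, "duplicate ID attributes"

    # 2. Exactly one Assertion and exactly one Signature in the whole document.
    assertions = root.findall(".//saml:Assertion", NS)
    if len(assertions) != 1:
        return False, f"expected 1 Assertion, found {len(assertions)}"
    signatures = root.findall(".//ds:Signature", NS)
    if len(signatures) != 1:
        return False, f"expected 1 Signature, found {len(signatures)}"
    assertion, sig = assertions[0], signatures[0]

    # 3. One same-document Reference, and it must name the element that
    #    encloses the Signature (enveloped signature), not some other element.
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    if len(refs) != 1 or not refs[0].get("URI", "").startswith("#"):
        return False, "expected exactly one same-document Reference"
    signed = parent[sig]
    if signed.get("ID") != refs[0].get("URI")[1:]:
        return False, "Reference URI does not match the signed element"

    # 4. The signed element must be the Assertion we use, or the Response
    #    root that contains it; anything else is not bound to the identity.
    if signed is not assertion and signed is not root:
        return False, "signature covers neither the Assertion nor the Response"

    # 5. Read the identity only from the signed assertion.
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not name_id.text:
        return False, "Assertion has no NameID"
    return True, name_id.text


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_RESPONSE), ("wrapped", WRAPPED_RESPONSE)):
        print(label, "naive:", naive_name_id(doc), "checked:", verify_identity(doc))
```

On the benign document both lookups agree on `alice`; on the wrapped document the first-match lookup returns `target-user` while `verify_identity` rejects it at the single-Assertion check. The same principle applies when reviewing a verifier's code: the subtree passed to the signature library and the subtree the application reads claims from must be the same object, not two separate XPath lookups that happen to agree on well-formed input.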

Workaround

Restrict SAML IdP trust relationships to known-good endpoints and review SAML session logs for anomalous assertions. Temporarily disabling SAML SSO is an option if operationally feasible.

Patch Action

Apply SAP Note 3746332 immediately.

Affected Versions

SAP_BASIS 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758, 804, 816, 918, 919

Patch Info

Priority

🔴 Patch immediately

CVSS Score

9.9

SAP Note

3746332

CVE

CVE-2026-44748

Published

2026-06-09

All content is editorial summary, not professional security advice. CVSS scores and SAP Note IDs are factual references. Patch timing is the responsibility of your security team based on your environment and SAP's official guidance.