high2026-07-14SAP Commerce CloudCVE-2026-43512

Multiple Apache Tomcat Vulnerabilities in SAP Commerce Cloud

SAP Commerce Cloud and SAP Data Hub (Apache Tomcat)

Our Take

Commerce Cloud continues its run of patch-heavy months. Bundle this with the hardcoded credential fix (Note 3753495) in a single maintenance window. If your commerce team has a standing maintenance window, July is a busy one.

Vulnerability Detail

Multiple Apache Tomcat vulnerabilities (CVE-2026-43512, CVE-2026-41293, CVE-2026-43515) in the embedded Tomcat server of SAP Commerce Cloud. The flaws include memory management issues and request handling defects in Tomcat that can be exploited to cause denial of service or, under specific conditions, trigger further compromise of the Commerce Cloud application server.

Patch Action

Apply SAP Note 3763800. Bundle with other open Commerce Cloud notes (3753495, related critical credential note) into a single rebuild and redeployment window.

Affected Versions

HY_COM 2205
COM_CLOUD 2211
COM_CLOUD 2211-JDK21

Patch Info

CVSS Score

8.1

SAP Note

3763800

CVE

CVE-2026-43512

Published

2026-07-14

← All patches