SAP has released fixes for 15 vulnerabilities as part of its June 2026 Security Patch package, including four critical-severity flaws affecting SAP NetWeaver and SAP Commerce Cloud.
NetWeaver is SAP's core application platform and middleware stack that provides the foundation for many SAP business applications, including ERP systems, handling functions such as application serving, integration, authentication, user management, and data processing.
Commerce Cloud is an enterprise e-commerce platform (formerly Hybris). It enables organizations to build and manage online stores, digital sales channels, product catalogs, customer accounts, and order management systems for B2B and B2C commerce.
In this month's security bulletin, SAP lists the following critical vulnerabilities as being addressed:
CVE-2026-44748 (CVSS 9.9) – XML Signature Wrapping in SAP NetWeaver AS ABAP and ABAP Platform, potentially allowing authentication bypass in SAML-based environments.
