- Security updates have been released to address vulnerabilities in SAP products.
- the affected products are SAP Forecasting & Replenishment (SCM 702, SCM 712, SCM 713, SCM 714), SAPBASIS (751, 752, 753, 754, 755, 756, 757, 758, 816), HYCOM (2205), COM_CLOUD (2211, 2211-JDK21).
- the resolved vulnerabilities are CVE-2026-34259, CVE-2026-34260, and CVE-2026-34263.
- CVE-2026-34259 is an OS command injection vulnerability in SAP Forecasting & Replenishment.
- CVE-2026-34260 is a SQL injection vulnerability in SAP Enterprise Search for ABAP in SAP S/4HANA.
- CVE-2026-34263 is a missing authentication check vulnerability in SAP Commerce cloud configuration.
- these vulnerabilities were made available as separate security patches and customers are advised to follow the instructions on the reference site to update to the latest version of the Vulnerability Patch.
- the reference sites include SAP Security Patch Day – May 2026 and the SAP notes for each CVE.
