- SAP has released security updates that address vulnerabilities in SAP products.
- the affected products are SAP NetWeaver AS ABAP and ABAP Platform, SAP NetWeaver Application Server Java (Web Container), and the SAP_BASIS product family.
- CVE-2026-27671 is a memory corruption vulnerability in SAP NetWeaver AS ABAP and ABAP Platform.
- CVE-2026-40128 is a Directory Path Manipulation vulnerability in SAP NetWeaver Application Server Java (Web Container).
- CVE-2026-44748 is an XML signature wrapping vulnerability in the SAML authentication feature in SAP NetWeaver AS ABAP and ABAP Platform.
- CVE-2026-44751 is an access control laxity vulnerability in SAP NetWeaver AS ABAP and ABAP Platform.
- affected Versions are KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 9.16, 9.18, 9.19, ENGINEAPI 7.50, SAP_BASIS 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758, 816, 918, 919.
- vulnerability patches have been made available in the latest update, and you should follow the instructions on the reference site to update to the latest version of the Vulnerability Patch.
- separate security patches have been provided for each CVE.
