- 24/2026
- Critical
SAP has released security updates to address several vulnerabilities affecting multiple SAP products.
SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products, such as SAP NetWeaver Application Server ABAP and ABAP Platform, SAP NetWeaver, SAP Business One, SAP Business Workflow, SAP S/4HANA, SAP Supply Chain Management, SAP BusinessObjects Business Intelligence Platform, SAP Commerce Cloud, SAP Solution Tools Plug-In (ST-PI), SAP Document Management System and SAP Fiori App.
The attacker could exploit some of these vulnerabilities to perform denial-ofservice attacks, conduct cross-site scripting attacks, obtain sensitive information, bypass security restrictions, execute arbitrary code, and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. SAP CRM and SAP S/4HANA (Scripting Editor) Code Injection Vulnerability (CVE-2026-0488):
- CVSS: 9.9
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
2. SAP NetWeaver Application Server ABAP and ABAP Platform Missing Authorization Check Vulnerability (CVE-2026-0509):
- CVSS: 9.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Bypass Security
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.