Threat Feed

Tag

SAP

7 briefs
high advisory

Multiple Vulnerabilities Discovered in SAP Products Including SQLi, XSS, and Policy Bypass

Multiple high-severity vulnerabilities discovered in various SAP products, including SQL injection (SQLi), remote indirect code injection (XSS), and security policy bypasses, could allow unauthenticated attackers to compromise sensitive enterprise systems by June 2026.

Business Objects Business Intelligence Platform +78 sap vulnerability sqli xss web-application
2r 5t 5c
high advisory

SAP Patchday April 2026: Multiple Vulnerabilities

Multiple vulnerabilities in SAP software could allow an attacker to perform SQL injection, gain elevated privileges, execute arbitrary code, bypass security measures, perform cross-site scripting attacks, manipulate data, disclose sensitive information, or cause other unspecified impacts.

sap vulnerability sql-injection privilege-escalation xss
2r 4t
high advisory

CVE-2026-34259: SAP Forecasting & Replenishment OS Command Execution

CVE-2026-34259 is an OS Command Execution vulnerability in SAP Forecasting & Replenishment that allows an authenticated attacker with administrative privileges to execute arbitrary OS commands, potentially leading to complete system compromise.

Forecasting & Replenishment cve command injection sap rce vulnerability
2r 3t 1c
critical advisory

SAP Commerce Cloud Unauthenticated Remote Code Execution (CVE-2026-34263)

SAP Commerce Cloud is vulnerable to unauthenticated malicious configuration upload and code injection due to improper Spring Security configuration, resulting in arbitrary server-side code execution.

Commerce cloud CVE-2026-34263 rce sap spring security
2r 1t 1c
high advisory

SAP S/4HANA SQL Injection Vulnerability (CVE-2026-34260)

SAP S/4HANA (SAP Enterprise Search for ABAP) is vulnerable to SQL injection (CVE-2026-34260) via user-controlled input, allowing an authenticated attacker to inject malicious SQL statements, leading to unauthorized data access and potential application crashes.

S/4HANA sql-injection vulnerability sap
2r 2t 1c
critical threat

Mini Shai-Hulud Supply Chain Attack Targets SAP NPM Packages

The Mini Shai-Hulud campaign injected malicious code into SAP NPM packages, targeting credentials and cloud secrets related to SAP Cloud Application Programming (CAP) and SAP cloud deployment workflows, exfiltrating data through public GitHub repositories.

Cloud Application Programming +5 TeamPCP supply-chain npm sap credential-theft
2r 1t
critical advisory

SAP Business Planning and Consolidation and Business Warehouse SQL Injection Vulnerability

CVE-2026-27681 describes an insufficient authorization check vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse that allows authenticated users to execute crafted SQL statements, leading to unauthorized data access, modification, and deletion.

cve-2026-27681 sql-injection sap
2r 1t 1c