SAP has released its June 2026 Security Patch package, addressing 15 vulnerabilities, including four critical-severity flaws affecting SAP NetWeaver and SAP Commerce Cloud. The most severe issues involve an XML Signature Wrapping vulnerability (CVSS 9.9) allowing for authentication bypass in SAML environments and a memory corruption flaw (CVSS 9.8) that can be triggered without authentication via crafted RFC requests.
These updates also cover directory traversal, Spring Security flaws, and missing authorization checks across various core platforms. Given the critical nature of these vulnerabilities—particularly those affecting core application serving and authentication middleware—security teams are advised to prioritize patching immediately to prevent unauthorized data access and potential system disruption.