9.6

CVE-2026-34263

Medienbericht

EPSS 0.02%
Veröffentlicht 12.05.2026 02:20:34
Zuletzt bearbeitet 15.05.2026 12:17:07
Quelle cna@sap.com
CVE-Watchlists
Login
Unerledigt
Login

Missing authentication check in SAP Commerce cloud configuration

Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerSAP_SE

≫

Produkt SAP Commerce cloud configuration

Default Statusunaffected

Version HY_COM 2205

Status affected

Version COM_CLOUD 2211

Status affected

Version 2211-JDK21

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.069

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@sap.com	9.6	2.8	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE-459 Incomplete Cleanup

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

https://www.heise.de/news/SAP-Patchday-Kritische-Sicherheitsluecken-erlauben-unbefugte-Anmeldung-11291173.html

Media Report

https://www.bleepingcomputer.com/news/security/sap-fixes-critical-vulnerabilities-in-commerce-cloud-and-s-4hana/

Media Report

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3733064

https://nvd.nist.gov/vuln/detail/CVE-2026-34263

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-34263

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-34263

EUVD