PatchSiren cyber security CVE debrief
CVE-2026-44748 SAP_SE CVE debrief
A critical vulnerability was discovered in SAP NetWeaver Application Server ABAP and ABAP Platform. An authenticated attacker with normal privileges can obtain a valid signed message and send modified signed XML documents to the verifier, potentially leading to unauthorized access to sensitive user data and disruption of normal system usage.
- Vendor: SAP_SE
- Product: SAP NetWeaver AS ABAP and ABAP Platform
- CVSS: CRITICAL 9.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-09
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-09
Who should care
Administrators and users of SAP NetWeaver Application Server ABAP and ABAP Platform should be aware of this vulnerability and take the necessary actions to mitigate the risk.
Technical summary
The vulnerability has a CVSS score of 9.9 and is classified as CRITICAL. It allows an authenticated attacker to obtain a valid signed message and send modified signed XML documents to the verifier, potentially leading to unauthorized access to sensitive user data and disruption of normal system usage.
Defensive priority
High
Recommended defensive actions
- Apply the necessary patches and updates to SAP NetWeaver Application Server ABAP and ABAP Platform.
- Restrict access to sensitive data and systems.
- Monitor system usage and logs for potential suspicious activity.
Evidence notes
The vulnerability was reported by an unknown vendor and has a low confidence level.
Official resources
CVE-2026-44748 was published on 2026-06-09T01:16:46.603Z and modified on 2026-06-09T02:08:28.150Z.