Read our latest SAP security bulletins to patch vulnerabilities in your SAP systems and stay ahead of emerging threats.
Our Threat Intelligence team provides continuous monitoring and expert analysis of the latest SAP Security Notes and vulnerabilities. This repository serves as a critical resource for SAP Basis and Security teams to identify, prioritize, and remediate flaws in S/4HANA, ECC, and other SAP solutions. By delivering structured advisories on security notes and high-priority patches, we help organizations reduce their mean-time-to-remediation (MTTR) and protect mission-critical SAP solutions from exploitation.
SAP security note 3746332 addresses CVE-2026-44748, an XML Signature Wrapping vulnerability in SAML authentication for SAP NetWeaver AS ABAP and ABAP Platform. The vulnerability allows an authenticated low-privileged attacker to obtain a valid signed SAML or signed XML message, manipulate the XML structure, and submit a modified document that may still pass signature validation if
The SAP security advisories for May 2026 address several high-impact vulnerabilities, including a targeted software supply-chain attack, a “Hot News” SQL injection in S/4HANA, a missing authentication check in Commerce Cloud, and a high-risk OS command injection. Organizations should treat these notes as urgent and prioritize remediation to mitigate significant risks. Executive Summary SAP’s security
Mini Shai-Hulud is a malware campaign that targeted the software supply chain for SAP cloud development by injecting malicious code into specific npm packages. Active for a few hours on April 29, 2026, the attack was designed to steal sensitive credentials, including GitHub tokens, npm tokens, and cloud credentials from developers using these tools. This
SAP’s April 2026 security update addresses a critical SQL injection vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse. This top-priority issue, detailed in Hot News note 3719353, stems from insufficient authorization checks and is fixed by deactivating the vulnerable code. Other high-risk patches were also released. The April 2026 SAP Security Patch
SAP’s security notes for March 2026 address 14 vulnerabilities, including two critical “Hot News” items. The most severe patches fix a command injection vulnerability related to Apache Log4j and a remote code execution flaw in SAP NetWeaver Enterprise Portal. A high-risk Denial of Service (DoS) note for SAP Supply Chain Management was also released. This
SAP’s February 2026 security update addresses several critical vulnerabilities, including a code injection flaw in SAP S/4HANA and SAP CRM, and a missing authentication check in SAP NetWeaver AS ABAP. These “Hot News” notes require immediate attention to prevent potential system compromise and unauthorized data access. The February 2026 SAP Security Notes patch day released
SAP’s January 2026 security update addresses several critical vulnerabilities, including a SQL injection and a code injection backdoor in S/4HANA that could lead to full system compromise. Immediate patching is required to mitigate risks of data theft, modification, and remote code execution across key SAP products. This advisory summarizes the most severe vulnerabilities released on
SAP’s December 2025 security update includes three “Hot News” notes that patch critical vulnerabilities. These address a code injection flaw in SAP Solution Manager (SolMan), a deserialization vulnerability in SAP jConnect, and multiple issues in Apache Tomcat within SAP Commerce Cloud. Organizations should prioritize applying these patches to mitigate the risk of exploitation. This advisory
SAP’s November 2025 security update includes critical patches for code execution, code injection, and insecure deserialization vulnerabilities. Key systems affected are SAP SQL Anywhere, SAP Solution Manager, and SAP NetWeaver AS Java. Administrators should prioritize the application of these patches to mitigate significant security risks. The November 2025 SAP Security Notes address several severe vulnerabilities
SAP’s October 2025 security update addresses several critical and high-risk vulnerabilities, including two “Hot News” notes for insecure deserialization in SAP NetWeaver AS Java. These patches are crucial for preventing arbitrary OS command execution and protecting system integrity across multiple SAP products. This advisory summarizes the most significant patches released in October 2025. Key fixes
SAP’s September 2025 security update includes the critical Hot News note 3634501, which addresses a CVSS 10/10 insecure deserialization vulnerability in SAP NetWeaver AS Java. This flaw could allow an attacker to execute arbitrary OS commands, leading to a full compromise of the affected Java systems. The SAP Security Notes for September 2025 are headlined
SAP’s August 2025 security update addresses multiple critical vulnerabilities, including two code injection flaws in SAP S/4HANA with CVSS scores of 9.9. These vulnerabilities, patched by notes 3581961 and 3627998, could allow attackers to install backdoors, bypassing all authorization checks and leading to full system compromise. The August 2025 SAP Patch Day delivered fixes for