Read our latest SAP security bulletins to patch vulnerabilities in your SAP systems and stay ahead of emerging threats.
Our Threat Intelligence team provides continuous monitoring and expert analysis of the latest SAP Security Notes and vulnerabilities. This repository serves as a critical resource for SAP Basis and Security teams to identify, prioritize, and remediate flaws in S/4HANA, ECC, and other SAP solutions. By delivering structured advisories on security notes and high-priority patches, we help organizations reduce their mean-time-to-remediation (MTTR) and protect mission-critical SAP solutions from exploitation.
On April 30, SAP released SAP Security Note 3747787 in response to the discovery of malicious code in npm packages connected to SAP development tools. The code is part of a malware campaign labelled Mini Shai-Hulud targeting the software supply chain for SAP cloud development. Shai-Hulud is a reference to the sandworms from the fictional
SAP’s April 2026 security update addresses a critical SQL injection vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse. This top-priority issue, detailed in Hot News note 3719353, stems from insufficient authorization checks and is fixed by deactivating the vulnerable code. Other high-risk patches were also released. The April 2026 SAP Security Patch
SAP’s security notes for March 2026 address 14 vulnerabilities, including two critical “Hot News” items. The most severe patches fix a command injection vulnerability related to Apache Log4j and a remote code execution flaw in SAP NetWeaver Enterprise Portal. A high-risk Denial of Service (DoS) note for SAP Supply Chain Management was also released. This
SAP’s February 2026 security update addresses several critical vulnerabilities, including a code injection flaw in SAP S/4HANA and SAP CRM, and a missing authentication check in SAP NetWeaver AS ABAP. These “Hot News” notes require immediate attention to prevent potential system compromise and unauthorized data access. The February 2026 SAP Security Notes patch day released
SAP’s January 2026 security update addresses several critical vulnerabilities, including a SQL injection and a code injection backdoor in S/4HANA that could lead to full system compromise. Immediate patching is required to mitigate risks of data theft, modification, and remote code execution across key SAP products. This advisory summarizes the most severe vulnerabilities released on
SAP’s December 2025 security update includes three “Hot News” notes that patch critical vulnerabilities. These address a code injection flaw in SAP Solution Manager (SolMan), a deserialization vulnerability in SAP jConnect, and multiple issues in Apache Tomcat within SAP Commerce Cloud. Organizations should prioritize applying these patches to mitigate the risk of exploitation. This advisory
SAP’s November 2025 security update includes critical patches for code execution, code injection, and insecure deserialization vulnerabilities. Key systems affected are SAP SQL Anywhere, SAP Solution Manager, and SAP NetWeaver AS Java. Administrators should prioritize the application of these patches to mitigate significant security risks. The November 2025 SAP Security Notes address several severe vulnerabilities
SAP’s October 2025 security update addresses several critical and high-risk vulnerabilities, including two “Hot News” notes for insecure deserialization in SAP NetWeaver AS Java. These patches are crucial for preventing arbitrary OS command execution and protecting system integrity across multiple SAP products. This advisory summarizes the most significant patches released in October 2025. Key fixes
SAP’s September 2025 security update includes the critical Hot News note 3634501, which addresses a CVSS 10/10 insecure deserialization vulnerability in SAP NetWeaver AS Java. This flaw could allow an attacker to execute arbitrary OS commands, leading to a full compromise of the affected Java systems. The SAP Security Notes for September 2025 are headlined
SAP’s August 2025 security update addresses multiple critical vulnerabilities, including two code injection flaws in SAP S/4HANA with CVSS scores of 9.9. These vulnerabilities, patched by notes 3581961 and 3627998, could allow attackers to install backdoors, bypassing all authorization checks and leading to full system compromise. The August 2025 SAP Patch Day delivered fixes for
The July 2025 SAP Security Notes feature several “hot news” patches for critical insecure deserialization vulnerabilities in SAP NetWeaver AS Java components. The most severe issue is a 10.0 CVSS score vulnerability in SAP SRM, alongside a critical code injection flaw in S/4HANA and SCM that could allow for a full system takeover. SAP’s July
A critical “Hot News” SAP security note headlines the June 2025 patch release, addressing a privilege escalation vulnerability in SAP NetWeaver Application Server ABAP (AS ABAP). Organizations should prioritize applying this patch, note 3600840, alongside other high-risk updates for SAP GRC, BW, MDM, and BusinessObjects. The June 2025 SAP Security Patch Day delivers crucial fixes