SYS::ONLINE
Wasteland.
Briefs1204
Issues19
SinceFeb 2026
LIVE
⚡ Active KEV CVE-2026-44747 2026-07-13

CVE-2026-44747: Critical Memory Corruption in SAP NetWeaver Application Server ABAP

"A critical (CVSS 9.9) memory-corruption flaw in SAP NetWeaver Application Server ABAP lets an authenticated attacker corrupt memory to read, alter, or take down the application."

A critical (CVSS 9.9) memory-corruption flaw in SAP NetWeaver Application Server ABAP lets an authenticated attacker corrupt memory to read, alter, or take down the application.

What Is It

CVE-2026-44747 is a memory-corruption vulnerability (CWE-787, out-of-bounds write) in SAP NetWeaver Application Server ABAP. According to SAP, an authenticated attacker can leverage logical errors in memory management to cause memory corruption. The vulnerability carries a CVSS 3.1 base score of 9.9 (CRITICAL) with the vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, network-reachable, low attack complexity, and requiring only low privileges with no user interaction.

Why It Matters

Successful exploitation can lead to unauthorized data access, data modification, or system unavailability, with high impact on the confidentiality, integrity, and availability of the application. The scope is rated as changed, meaning the impact can extend beyond the vulnerable component. Combined with network reachability and a low privilege requirement, this makes the flaw attractive to any attacker who already holds a low-level authenticated foothold on an affected system.

Note: no CISA KEV entry was supplied for this CVE, so active exploitation is not confirmed by the source material.

What's Vulnerable

The affected product is SAP NetWeaver Application Server ABAP (vendor SAP SE). SAP lists the following affected versions:

Patch Status

SAP addressed this vulnerability in SAP Security Note 3747367, published as part of SAP Security Patch Day. Administrators running any affected version should apply the corresponding SAP Note to remediate. No workaround is described in the supplied source material.

Sources