SecurityWeek

SAP’s January 2026 Security Updates Patch Critical Vulnerabilities

The first round of SAP patches for 2026 resolves 19 vulnerabilities, including critical SQL injection, RCE, and code ...
CSOonline

SAP NetWeaver customers urged to deploy patch for critical zero-day vulnerability

The unrestricted file upload flaw is likely being exploited by an initial access broker to deploy JSP web shells that grant full access to servers and allow installing additional malware payloads.
CSOonline

Critical flaw allows hackers to breach SAP systems with ease

SAP users should immediately deploy a newly released patch for a critical vulnerability that could allow hackers to compromise their systems and the data they contain. The flaw is in a core component ...
ZDNet

SAP issues advisory on the exploit of old vulnerabilities to target enterprise applications

On Tuesday, SAP and Onapsis jointly released a report on the activities, in which security flaws with CVSS severity scores of up to 10, the highest possible, are being weaponized. SAP applications are ...
Computer Weekly

Recon vulnerability puts thousands of SAP customers at risk

SAP has released a critical security update to address a serious vulnerability in the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard, which is thought to affect at least ...
Bleeping Computer

SAP updates security note for critical RECON vulnerability

SAP today released its security patches for August, alerting of new critical and high-severity vulnerabilities in several of its products, mostly NetWeaver Application Server (AS). The full list ...
heise online

SAP Patchday: NetWeaver products are vulnerable to malware attacks

On Patchday in July, SAP developers closed a total of five "critical" security vulnerabilities. In the worst case scenario, malicious code can compromise systems. So far, there are no indications that ...