- CERT-In identified multiple critical vulnerabilities in various SAP digital products on May 14, 2026
- Vulnerabilities risk unauthorized access, data compromise, remote code execution, and system takeover
- Affected SAP products include S/4HANA, Commerce Cloud, NetWeaver, Business Objects, and SAPUI5 among others
The Computer Emergency Response Team-India (CERT-In) has identified multiple vulnerabilities in digital SAP products and assigned them a “Critical” severity rating, according to an advisory published on its official website on Thursday, May 14, 2026.
The agency issued a critical alert regarding the vulnerabilities detected in the software and outlined the affected products as well as the potential impact of exploitation.
CERT-In stated that the vulnerabilities pose a high risk of unauthorised access, data compromise and potential remote code execution.
ALSO READ | OpenAI vs Anthropic: Is 'Daybreak' The Counter To Claude Mythos?
The affected software includes SAP S/4HANA (SAP Enterprise Search for ABAP), SAP Commerce Cloud, SAP Forecasting & Replenishment, SAP NetWeaver Application Server for ABAP and ABAP Platform, SAP S/4HANA Condition Maintenance, Business Server Pages Application (TAF_APPLAUNCHER), SAP Business Objects Business Intelligence Platform, SAP Strategic Enterprise Management (BSP application Balanced Scorecard Wizard), SAPUI5 (Search UI), SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages), SAP Financial Consolidation, SAP Incentive and Commission Management, SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, and SAP HANA Deployment Infrastructure (HDI) deploy library.
The advisory said the vulnerabilities could allow attackers to execute arbitrary commands, perform SQL injection attacks, bypass authentication and authorisation checks, conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks, inject malicious code, spoof content, and trigger denial-of-service (DoS) conditions on targeted systems.
According to CERT-In, the potential impact includes remote code execution, data compromise and complete system takeover.
ALSO READ | Google Stops Zero-Day Attack For First Time After Hackers Used AI To Exploit Software Flaw
The advisory is aimed at SAP system administrators, SAP security teams, IT infrastructure teams managing SAP landscapes, and application developers using the affected SAP products and components.
SAP is a German software company that builds enterprise systems used to manage key corporate functions such as finance, supply chains, human resources, sales and operations.
Essential Business Intelligence, Continuous LIVE TV, Sharp Market Insights, Practical Personal Finance Advice and Latest Stories — On NDTV Profit.