Serial number: AV26-690
Date: July 14, 2026
On July 14, 2026, SAP published security advisories to address vulnerabilities in the following products. Included were critical updates for the following:
- SAP Approuter node.js package - versions prior to 20.10.0
- SAP Approuter node.js package - versions prior to 21.2.0
- SAP Change and Transport System Attach Tool (ctsattach) - version CTS_UPLOAD_CLT 1
- SAP Commerce Cloud - versions HY_COM 2205, COM_CLOUD 2211 and 2211-JDK21
- SAP CRM (WebClient UI) - versions S4FND 104, 105 and 106
- SAP Fiori (launchpad) - versions SAP_UI 754, 755, 756, 757, 758 and 816
- SAP Integration Suite (Edge Integration Cell) - versions prior to 8.43.11
- SAP HANA Extended Application Services classic model (User Self Service) - version HDB 2.00
- SAP NetWeaver Application Server ABAP - versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53. 7.54, 7.77, 7.89, 7.93, 9.16, 9.18, 9.19 and 9.20
- SAP NetWeaver Application Server ABAP (applications based on Business Server Pages) - multiple versions
- SAP NetWeaver Application Server Java (Configuration Wizard) - version ENGINEAPI 7.50
- SAP NetWeaver Application Server Java (Web Container) - version LMCTC 7.50
- SAP NetWeaver AS Java - versions SERVERCORE 7.50, CORE-TOOLS 7.50 and J2EE-APPS 7.50
- SAP NetWeaver Enterprise Portal - version EP-RUNTIME 7.50
- SAProuter on Microsoft Windows - versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, SAP_ROUTER 7.53, 7.54, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 9.16, 9.17 and 9.18
- SAP S/4 HANA (Create Single Payment) - versions S4CORE 102, 103, 104, 105, 106, 107, 108 and 109
- SAP S/4HANA (Draft operation) - version S4CORE 108
- SAP S/4HANA Project Management (PPM-PRO) - multiple versions
The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations, and apply the necessary updates.