CVE-2026-24321

CWE-359
4 documents
4 sources
Severity
5.3 MEDIUM
EPSS
0.1%
top 83.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 10

Description

SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these open endpoints to retrieve sensitive information that is not intended to be publicly accessible via the front-end. This vulnerability has a low impact on confidentiality and does not affect integrity and availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

NVD: sap/commerce_cloud 2205, 2211 +1
CVEListV5: sap_se/sap_commerce_cloud 2211-JDK21, COM_CLOUD 2211, HY_COM 2205 +2

🔴 Vulnerability Details (2)

CVEList
Information Disclosure vulnerability in SAP Commerce Cloud (2026-02-10)
GHSA
GHSA-xpv9-9vrq-v7c4: SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these open endpoints to retrieve sensi… (2026-02-10)

🕵️ Threat Intelligence (1)

Wiz
CVE-2026-24321 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-24321 (MEDIUM CVSS 5.3) | SAP Commerce Cloud exposes multiple | cvebase.io