CVE-2026-27671
Published: 2026-06-09
Priority: P262 | Severity: critical | CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.44% (34.9th percentile)
Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high impact on the confidentiality, integrity, and availability of the application.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap_se | sap_netweaver_as_abap_and_abap_platform | — | — |
| sap_se | sap_netweaver_as_abap_and_abap_platform | — | — |
| sap_se | sap_netweaver_as_abap_and_abap_platform | — | — |
| sap_se | sap_netweaver_as_abap_and_abap_platform | — | — |
| sap_se | sap_netweaver_as_abap_and_abap_platform | — | — |
| sap_se | sap_netweaver_as_abap_and_abap_platform | — | — |
| sap_se | sap_netweaver_as_abap_and_abap_platform | — | — |
| sap_se | sap_netweaver_as_abap_and_abap_platform | — | — |
| sap_se | sap_netweaver_as_abap_and_abap_platform | — | — |
| sap_se | sap_netweaver_as_abap_and_abap_platform | — | — |
| sap_se | sap_netweaver_as_abap_and_abap_platform | — | — |
| sap_se | sap_netweaver_as_abap_and_abap_platform | — | — |
| sap_se | sap_netweaver_as_abap_and_abap_platform | — | — |
No detection rules found.
No public exploits indexed.
Hackernews
⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More
blogs_hackernews·2026-06-15·CVSS 8.8
CVE-2026-11645 [HIGH] ⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More
## ⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More
Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod.
This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old login paths still fail, and forgotten software keeps becoming someone else's entry point.
Scroll through the full Monday Cybersecurity Recap below for the news, tools, webinars, and fixes worth your time this week.
## ⚡ Threat of the Week
Google Patches Actively Exploited Chrome 0-Day - G
Hackernews
Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities
blogs_hackernews·2026-06-10·CVSS 10.0
CVE-2026-25089 [CRITICAL] Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities
## Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities
Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure.
The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI. It's tracked as CVE-2026-25089 (CVSS score: 9.1).
"An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS WEB UI may allo
Bleepingcomputer
SAP fixes critical flaws in NetWeaver and Commerce Cloud
blogs_bleepingcomputer·2026-06-09·CVSS 9.1
CVE-2026-44748 [CRITICAL] SAP fixes critical flaws in NetWeaver and Commerce Cloud
## SAP fixes critical flaws in NetWeaver and Commerce Cloud
## Bill Toulas
SAP has released fixes for 15 vulnerabilities as part of its June 2026 Security Patch package, including four critical-severity flaws affecting SAP NetWeaver and SAP Commerce Cloud.
NetWeaver is SAP's core application platform and middleware stack that provides the foundation for many SAP business applications, including ERP systems, handling functions such as application serving, integration, authentication, user management, and data processing.
Commerce Cloud is an enterprise e-commerce platform (formerly Hybris). It enables organizations to build and manage online stores, digital sales channels, product catalogs, customer accounts, and order management systems for B2B and B2C commerce.
In this month's securi