CVE-2026-34263

Published: Mag 12, 2026 Last Modified: Mag 12, 2026

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,6

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: required

Scope: changed

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

Due to improper Spring Security configuration, SAP Commerce cloud allows an unauthenticated user to perform malicious configuration upload and code injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application.

459

Incomplete Cleanup

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Other Confidentiality Integrity

Potential Impacts:

Other Read Application Data Modify Application Data Dos: Resource Consumption (Other)

Applicable Platforms

All platforms may be affected

View CWE Details

https://me.sap.com/notes/3733064

https://url.sap/sapsecuritypatchday

CVE-2026-34263

Description

Incomplete Cleanup

Common Consequences

Applicable Platforms

Iscriviti alla newsletter