Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3838 articles · 175945 vulns · 37/41 feeds (7d)
← Back to list
9.9
CVE-2026-44747EXPLOITED
sap · sap netweaver application server abap

Memory Corruption vulnerability in SAP NetWeaver Application Server ABAP

Description

A vulnerability identified as critical has been detected in SAP NetWeaver Application Server ABAP up to KRNL64UC 7.22. This impacts an unknown function. The manipulation leads to out-of-bounds write.

Affected Products

VendorProductVersions
sapsap netweaver application server abapKRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.53, KERNEL 7.22, 7.53. 7.54, 7.77, 7.89, 7.93, 9.16, 9.18, 9.19, 9.20

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
sapsap softwarecert_advisory90%

References

  • https://me.sap.com/notes/3747367
  • https://url.sap/sapsecuritypatchday

Related News (6 articles)

Tier D
The Hacker News4h ago
SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data
→ No new info (linked only)
Tier B
CCCS Canada8h ago
SAP security advisory – July 2026 monthly rollup (AV26-690)
→ No new info (linked only)
Tier D
SecurityWeek11h ago
SAP Patches Critical Vulnerabilities in NetWeaver, Approuter, Commerce Cloud
→ No new info (linked only)
Tier B
BSI Advisories11h ago
[NEU] [hoch] SAP Patch Day Juli 2026
→ No new info (linked only)
Tier D
Heise Security13h ago
SAP-Patchday: Teils kritische Sicherheitslücken in mehreren Produkten gefixt
→ No new info (linked only)
Tier C
VulDB17h ago
CVE-2026-44747 | SAP NetWeaver Application Server ABAP up to KRNL64UC 7.22 out-of-bounds write
→ No new info (linked only)
CVSS 3.19.9 CRITICAL
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA KEV❌ No
Actively exploited✅ Yes
CWECWE-787
PublishedJul 14, 2026
Last enriched8h agov3
Trending Score75
Source articles6
Independent6
Info Completeness9/14
Missing: epss, kev, patch, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

CRITICALCVE-2026-44761EXP
Insecure Sample Credentials in SAP Commerce Cloud
Trending: 61
CRITICALCVE-2026-44745EXP
Open Redirect vulnerability in SAP Approuter
Trending: 61
HIGHCVE-2026-44752EXP
Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java(Configuration Wizard)
Trending: 59
CRITICALCVE-2026-40128
Directory Traversal vulnerability in SAP NetWeaver Application Server Java (Web Container)
Trending: 59
CRITICALCVE-2026-27690
HTTP Request Smuggling in SAP Approuter
Trending: 51

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 14, 2026
Actively Exploited
Jul 14, 2026
Exploit Available
Jul 14, 2026
Discovered by ZDM
Jul 14, 2026
Updated: description
Jul 14, 2026
Updated: exploitAvailable, activelyExploited
Jul 14, 2026

Version History

v3
Last enriched 8h ago
v3Tier B8h ago

Updated affected versions to include 7.22EXT and marked exploit availability and active exploitation status as true.

exploitAvailableactivelyExploited
via CCCS Canada
v2Tier C17h ago

Updated description with new technical details, specified affected version KRNL64UC 7.22, and corrected exploit availability status.

description
via VulDB
v120h ago

Initial creation