Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3995 articles · 175982 vulns · 37/41 feeds (7d)
← Back to list
9.1
CVE-2026-44761EXPLOITED
sap · sap commerce cloud

Insecure Sample Credentials in SAP Commerce Cloud

Description

A vulnerability, which was classified as problematic, has been found in SAP Commerce Cloud. Affected by this issue is some unknown functionality of the component Sample Configuration. Performing a manipulation results in information disclosure. This vulnerability is known as CVE-2026-44761. Remote exploitation of the attack is possible.

Affected Products

VendorProductVersions
sapsap commerce cloudHY_COM 2205, COM_CLOUD 2211, 2211-JDK21

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
sapsap softwarecert_advisory90%

References

  • https://me.sap.com/notes/3753495
  • https://url.sap/sapsecuritypatchday

Related News (3 articles)

Tier B
BSI Advisories12h ago
[NEU] [hoch] SAP Patch Day Juli 2026
→ No new info (linked only)
Tier D
Heise Security14h ago
SAP-Patchday: Teils kritische Sicherheitslücken in mehreren Produkten gefixt
→ No new info (linked only)
Tier C
VulDB21h ago
CVE-2026-44761 | SAP Commerce Cloud Sample Configuration information disclosure
→ No new info (linked only)
CVSS 3.19.1 CRITICAL
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA KEV❌ No
Actively exploited✅ Yes
CWECWE-1392
PublishedJul 14, 2026
Last enriched21h agov2
Trending Score61
Source articles3
Independent3
Info Completeness8/14
Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

CRITICALCVE-2026-44747EXP
Memory Corruption vulnerability in SAP NetWeaver Application Server ABAP
Trending: 74
CRITICALCVE-2026-44745EXP
Open Redirect vulnerability in SAP Approuter
Trending: 61
HIGHCVE-2026-44752EXP
Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java(Configuration Wizard)
Trending: 58
CRITICALCVE-2026-40128
Directory Traversal vulnerability in SAP NetWeaver Application Server Java (Web Container)
Trending: 58
MEDIUMCVE-2026-44768EXP
Security misconfiguration in SAP CRM (WebClient UI)
Trending: 51

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 14, 2026
Actively Exploited
Jul 14, 2026
Discovered by ZDM
Jul 14, 2026
Updated: description, activelyExploited
Jul 14, 2026

Version History

v2
Last enriched 21h ago
v2Tier C21h ago

Updated description with new details about the vulnerability and marked it as actively exploited.

descriptionactivelyExploited
via VulDB
v122h ago

Initial creation