PT-2026-39922 · Sap · Sap Commerce Cloud

Published

2026-05-11

·

Updated

2026-06-09

·

CVE-2026-34263

CVSS v2.0

10

Critical

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions SAP Commerce cloud (affected versions not specified)
Description Improper Spring Security configuration allows an unauthenticated user to perform malicious configuration upload and code injection. This can result in arbitrary server-side code execution, significantly impacting the confidentiality, integrity, and availability of the application.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-06822
CVE-2026-34263

Affected Products

Sap Commerce Cloud