Summary

Parameter	Value
CVE ID	CVE-2026-34263
Alert Source	GitHub Advisory - Critical Vulnerability
CVE Publication Year	2026
Date Published	2026-05-12
Vendor	SAP
Product	Commerce Cloud
CVSS Score	9.6 (critical)
EPSS Score	No data
CISA KEV	No
Ransomware	Not confirmed

Vulnerability Description

Due to improper Spring Security configuration, SAP Commerce cloud allows an unauthenticated user to perform malicious configuration upload and code injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application.

Required Actions

Apply vendor patches or mitigations as soon as available.

Who Is Affected?

This vulnerability affects Commerce Cloud by SAP. Check if your organization uses this software and requires updates.

Sources

Need help securing your systems? nFlo team offers vulnerability management and 24/7 SOC services. Contact us.

Learn More

Why is CIS Benchmarks compliance so critical for your AWS cloud security?

Learn how to conduct an effective AWS security audit aligned with CIS Benchmarks. Identify gaps and improve regulatory compliance....

What is AWS cloud security and why is it critical to your business?

Learn the key principles of security in the AWS cloud. Learn how to protect your data and infrastructure in a cloud environment....

AWS vs Azure vs Google Cloud - A comparison of public cloud leaders

AWS, Azure or Google Cloud? Compare the most popular cloud platforms and choose the best solution for your business. Check out the key differences!...

CVE-2026-34263: Unauthenticated Code Injection in SAP Commerce Cloud

Summary

Vulnerability Description

Required Actions

Who Is Affected?

Sources

Learn More

Tags:

Share:

Talk to an expert

Grzegorz Gnych

Want to Reduce IT Risk and Costs?