Back to overview

CVE-2026-44761

CRITICAL
9.1
CVSS 3.1
Description
SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token and invoke certain APIs to read and modify data. Successful exploitation results in high impact on confidentiality and integrity, with no impact on availability.

Metadata

CVE ID
CVE-2026-44761
State
PUBLISHED
Assigner
sap
Reserved
2026-05-07 18:31 UTC
Published
2026-07-14 00:20 UTC
Last updated
2026-07-14 00:20 UTC
Primary CWE
CWE-1392
CWE-1392: Use of Default Credentials
Vendor / Product
SAP_SE / SAP Commerce Cloud
Sources
cve.org  ·  NVD

Severity & Metrics

9.1 CRITICAL CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected products (1)
VendorProductPlatformVersions
SAP_SE SAP Commerce Cloud HY_COM 2205, COM_CLOUD 2211, 2211-JDK21
Weakness (CWE)
CWESourceDescription
CWE-1392 cna CWE-1392: Use of Default Credentials
CVSS scores (1)
ScoreSeverityVersionSourceVector
9.1 CRITICAL 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Back to overview