VULNERABILITY OVERVIEW
An XML Signature Wrapping (XSW) vulnerability (CWE-347, Improper Verification of Cryptographic Signature) in the SAML authentication stack of SAP NetWeaver lets an authenticated attacker with ordinary user privileges take a validly signed SAML message and rearrange the XML document so that the signed element is left intact but a forged assertion sits where the verifier reads the identity from. The verifier checks the signature against the original, untouched element, then consumes the forged one and accepts the attacker-chosen identity. Successful exploitation enables unauthorized access to sensitive user data, privilege escalation, and potential disruption of enterprise SSO flows. No public exploit is known and no active exploitation has been observed; Onapsis disclosed the attack flow as part of SAP's June 2026 Patch Day.
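The wrapping pattern described above, as an added example that is not part of this advisory or of any SAP code: a constructed, minimal SAML-like Response, a vulnerable service-provider check that verifies the signature over the referenced element but reads the subject from the first Assertion it finds, and a hardened check that only consumes the subtree it actually verified. The signature itself is a stand-in (an HMAC-SHA256 over the serialized referenced element under an assumed shared secret) rather than real XML-DSig with C14N and RSA/ECDSA; the wrapping logic does not depend on that choice, because the signature stays valid as long as the referenced subtree is unchanged, wherever it is moved.

```python
"""XML Signature Wrapping (XSW) demo (added example, not SAP or vendor code).

Stand-in for XML-DSig (assumption): the IdP signs the serialized <Assertion>
referenced by Signature/Reference@URI with HMAC-SHA256 under a shared secret.
"""
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

SECRET = b"idp-shared-secret"  # constructed; stands in for the IdP signing key


def _canon(elem):
    # Serialize only the referenced subtree; tail text is dropped so the
    # element's bytes do not depend on what surrounds it in the document.
    e = copy.deepcopy(elem)
    e.tail = None
    return ET.tostring(e, encoding="utf-8")


def _mac(elem):
    return hmac.new(SECRET, _canon(elem), hashlib.sha256).hexdigest()


def sign_response(subject):
    """IdP side: build a constructed, minimal Response and sign Assertion #a1."""
    root = ET.Element("Response")
    assertion = ET.SubElement(root, "Assertion", ID="a1")
    ET.SubElement(assertion, "Subject").text = subject
    sig = ET.SubElement(root, "Signature")
    ET.SubElement(sig, "Reference", URI="#a1")
    ET.SubElement(sig, "SignatureValue").text = _mac(assertion)
    return ET.tostring(root, encoding="utf-8")


def wrap_attack(signed_xml, forged_subject):
    """Attacker: keep the signed Assertion byte-for-byte intact but move it
    into an unsigned wrapper, and put a forged Assertion where a naive
    consumer looks first. The Signature still references #a1."""
    root = ET.fromstring(signed_xml)
    original = root.find("Assertion")
    root.remove(original)
    forged = ET.Element("Assertion", ID="a2")  # never signed
    ET.SubElement(forged, "Subject").text = forged_subject
    root.insert(0, forged)
    ET.SubElement(root, "Extensions").append(original)
    return ET.tostring(root, encoding="utf-8")


def _resolve_reference(root):
    """Return (elements carrying the referenced ID, SignatureValue), or None."""
    ref = root.find("Signature/Reference")
    value = root.findtext("Signature/SignatureValue")
    if ref is None or value is None or not ref.get("URI", "").startswith("#"):
        return None
    wanted = ref.get("URI")[1:]
    return [e for e in root.iter() if e.get("ID") == wanted], value


def verify_vulnerable(xml):
    """Vulnerable SP: verifies the signature over the referenced element,
    then reads the identity from the first Assertion in document order."""
    root = ET.fromstring(xml)
    resolved = _resolve_reference(root)
    if resolved is None or not resolved[0]:
        return None
    signed = resolved[0][0]  # first ID match, no uniqueness check
    if not hmac.compare_digest(_mac(signed), resolved[1]):
        return None
    # BUG: the verified subtree and the consumed subtree are not the same.
    return root.findtext(".//Assertion/Subject")


def verify_hardened(xml):
    """Hardened SP: consume identity only from the subtree that was verified,
    and require that subtree to sit where the protocol expects it."""
    root = ET.fromstring(xml)
    resolved = _resolve_reference(root)
    if resolved is None or len(resolved[0]) != 1:
        return None  # missing or ambiguous ID resolution
    signed = resolved[0][0]
    if not hmac.compare_digest(_mac(signed), resolved[1]):
        return None
    if (signed.tag != "Assertion" or signed not in list(root)
            or len(root.findall(".//Assertion")) != 1):
        return None  # signed element is not the one and only top-level Assertion
    return signed.findtext("Subject")


if __name__ == "__main__":
    legit = sign_response("alice")
    forged = wrap_attack(legit, "admin")
    print("vulnerable, legit :", verify_vulnerable(legit))   # alice
    print("vulnerable, forged:", verify_vulnerable(forged))  # admin
    print("hardened,   legit :", verify_hardened(legit))     # alice
    print("hardened,   forged:", verify_hardened(forged))    # None
```

The hardened path makes three checks that the vulnerable one skips: the referenced ID must resolve to exactly one element, the identity must be read from that element and nothing else, and that element must be the single top-level Assertion of the message. Any one of the three defeats the wrapping shown here; real deployments should apply them on top of a proper XML-DSig library rather than the HMAC stand-in used above.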
CVSS BREAKDOWN
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Impact: C:H · I:H · A:H
Vector string assembled from the metrics above (CVSS 3.x): AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, which computes to a base score of 9.9.
AFFECTED VERSIONS
SAP_BASIS versions 702 through 919 (a very wide version footprint)
CITATIONS
- https://www.securityweek.com/sap-patches-critical-netweaver-commerce-vulnerabilities/
- https://socradar.io/blog/sap-security-patch-day-june-2026-cve-2026-44748/
- https://cybersecuritynews.com/sap-security-patch-day-june/
- https://www.bleepingcomputer.com/news/security/sap-fixes-critical-flaws-in-netweaver-and-commerce-cloud/