Home

Description

SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token and invoke certain APIs to read and modify data. Successful exploitation results in high impact on confidentiality and integrity, with no impact on availability.

PUBLISHED Reserved 2026-05-07 | Published 2026-07-14 | Updated 2026-07-14 | Assigner sap




CRITICAL: 9.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Problem types

CWE-1392: Use of Default Credentials

Product status

Default status
unaffected

HY_COM 2205
affected

COM_CLOUD 2211
affected

2211-JDK21
affected

References

me.sap.com/notes/3753495

url.sap/sapsecuritypatchday

cve.org (CVE-2026-44761)

nvd.nist.gov (CVE-2026-44761)

Download JSON