CVE-2026-44747: SAP NetWeaver Application Server ABAP Memory Corruption Vulnerability
A NVD · · CVE-2026-44747
Admiralty grading (A–F · 1–6)
Source reliability
- A Completely reliable
- B Usually reliable
- C Fairly reliable
- D Not usually reliable
- E Unreliable
- F Cannot be judged
Information credibility
- 1 Confirmed
- 2 Probably true
- 3 Possibly true
- 4 Doubtful
- 5 Improbable
- 6 Cannot be judged
NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.
Key metrics
- CVSS
- 9.9
- EPSS
- 0%
Key insight
The vulnerability requires authentication and exploits memory management errors, which means lower exploitation risk for ERP systems with restricted network access, but becomes critical if user accounts are compromised.
Description
CVE-2026-44747 is a memory management vulnerability in SAP NetWeaver Application Server ABAP that can be exploited by authenticated attackers. Logical errors in memory management enable memory corruption that could lead to unauthorized data access, data modification, or system unavailability. The impact affects confidentiality, integrity, and availability of the application. The vulnerability requires the attacker to already possess valid credentials or obtain them through other means.
Risk score
- cvss base
- 99.00
- kev bonus
- 0.00
- epss bonus
- 0.00
- poc bonus
- 0.00
- raw before weight
- 99.00
- industry weight
- 1.21
- freshness factor
- 1.00
- exploitability factor
- 1.00
- days old
- 0.00
- vendor mismatch penalty
- 0.00
Path: operational
MITRE ATT&CK mapping
3 TTPsProcedure details
| Technique | Tactic | Procedure | Conf. | Source |
|---|---|---|---|---|
| T1499.004 Application or System Exploitation | Impact | Authenticated attacker exploits logical errors in memory management in SAP NetWeaver AS ABAP (CVE-2026-44747) to cause memory corruption, potentially leading to system unavailability. | high | llm |
| T1212 Exploitation for Credential Access | Credential Access | Memory corruption vulnerability in SAP NetWeaver AS ABAP exploited to gain unauthorized access to sensitive data stored in application memory. | medium | llm |
| T1565 Data Manipulation | Impact | Exploitation of CVE-2026-44747 memory corruption vulnerability in SAP NetWeaver AS ABAP enables unauthorized modification of application data, impacting data integrity. | medium | llm |