Skip to content
Auto-CTI
Back to today
NEW CRITICAL A2

CVE-2026-44747: SAP NetWeaver Application Server ABAP Memory Corruption Vulnerability

A NVD · · CVE-2026-44747

Admiralty grading (A–F · 1–6)

Source reliability

  • A Completely reliable
  • B Usually reliable
  • C Fairly reliable
  • D Not usually reliable
  • E Unreliable
  • F Cannot be judged

Information credibility

  • 1 Confirmed
  • 2 Probably true
  • 3 Possibly true
  • 4 Doubtful
  • 5 Improbable
  • 6 Cannot be judged

NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.

Key metrics

CVSS
9.9
EPSS
0%

Key insight

The vulnerability requires authentication and exploits memory management errors, which means lower exploitation risk for ERP systems with restricted network access, but becomes critical if user accounts are compromised.

Description

CVE-2026-44747 is a memory management vulnerability in SAP NetWeaver Application Server ABAP that can be exploited by authenticated attackers. Logical errors in memory management enable memory corruption that could lead to unauthorized data access, data modification, or system unavailability. The impact affects confidentiality, integrity, and availability of the application. The vulnerability requires the attacker to already possess valid credentials or obtain them through other means.

Risk score

100
cvss base
99.00
kev bonus
0.00
epss bonus
0.00
poc bonus
0.00
raw before weight
99.00
industry weight
1.21
freshness factor
1.00
exploitability factor
1.00
days old
0.00
vendor mismatch penalty
0.00

Path: operational

MITRE ATT&CK mapping

3 TTPs
Recon
Resource Dev
Initial Access
Execution
Persistence
Priv. Escal.
Def. Evasion
Discovery
Lateral Mov.
Collection
C2
Exfiltration
Conf.: high medium low

Procedure details

Technique Tactic Procedure Conf. Source
T1499.004
Application or System Exploitation
Impact Authenticated attacker exploits logical errors in memory management in SAP NetWeaver AS ABAP (CVE-2026-44747) to cause memory corruption, potentially leading to system unavailability. high llm
T1212
Exploitation for Credential Access
Credential Access Memory corruption vulnerability in SAP NetWeaver AS ABAP exploited to gain unauthorized access to sensitive data stored in application memory. medium llm
T1565
Data Manipulation
Impact Exploitation of CVE-2026-44747 memory corruption vulnerability in SAP NetWeaver AS ABAP enables unauthorized modification of application data, impacting data integrity. medium llm
ESC