6 min read
By: RedLegg's Cyber Threat Intelligence Team
About:
CVE-2026-44747 is a critical memory corruption vulnerability affecting SAP NetWeaver Application Server ABAP.
The vulnerability may be exploited by an authenticated attacker with low privileges over a network without requiring user interaction. Successful exploitation can result in memory corruption, leading to unauthorized access to application data, unauthorized modification of application data, and application or system unavailability.
SAP has released Security Note 3747367 to address the vulnerability. At the time of reporting, there are no confirmed reports of active exploitation in the wild.
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES
Memory Corruption Vulnerability in SAP NetWeaver Application Server ABAP
Identifier: CVE-2026-44747
PoC or Exploitation:
CVSS Score: 9.9 (Critical, CVSS v3.1)
As of July 14, 2026, there are no confirmed reports of active exploitation in the wild and no validated public proof-of-concept exploit code.
Update / Patch:
- 7.22
- 7.22EXT
- 7.22
- 7.22EXT
- 7.53
- 7.22
- 7.53
- 7.54
- 7.77
- 7.89
- 7.93
- 9.16
- 9.18
- 9.19
- 9.20
Description:
- Unauthorized access to application data
- Unauthorized modification of application data
- Application or system unavailability
Mitigation Recommendation: