Cybersecurity Blog | RedLegg

Security Bulletin: Memory Corruption Vulnerability in SAP NetWeaver Application Server ABAP

Written by RedLegg's Cyber Threat Intelligence Team | 7/14/26 7:39 PM

About:

CVE-2026-44747 is a critical memory corruption vulnerability affecting SAP NetWeaver Application Server ABAP.

The vulnerability may be exploited by an authenticated attacker with low privileges over a network without requiring user interaction. Successful exploitation can result in memory corruption, leading to unauthorized access to application data, unauthorized modification of application data, and application or system unavailability.

SAP has released Security Note 3747367 to address the vulnerability. At the time of reporting, there are no confirmed reports of active exploitation in the wild.

RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.

VULNERABILITIES

Memory Corruption Vulnerability in SAP NetWeaver Application Server ABAP

Identifier: CVE-2026-44747
PoC or Exploitation:

CVSS Score: 9.9 (Critical, CVSS v3.1)

As of July 14, 2026, there are no confirmed reports of active exploitation in the wild and no validated public proof-of-concept exploit code. 

Update / Patch:

SAP has released Security Note 3747367 to address this vulnerability.
 
Affected product:
 
SAP NetWeaver Application Server ABAP
 
Affected kernel components and versions include:
 
KRNL64NUC:
  • 7.22
  • 7.22EXT
 
KRNL64UC:
  • 7.22
  • 7.22EXT
  • 7.53
 
KERNEL:
  • 7.22
  • 7.53
  • 7.54
  • 7.77
  • 7.89
  • 7.93
  • 9.16
  • 9.18
  • 9.19
  • 9.20
 
 
SAP Security Note and patch guidance:
 
 
SAP Security Patch Day – July 2026:
 



Description:

CVE-2026-44747 is a memory corruption vulnerability affecting SAP NetWeaver Application Server ABAP.
 
An authenticated attacker with low privileges can exploit the vulnerability over a network without requiring user interaction. Successful exploitation could cause memory corruption and result in:
 
  • Unauthorized access to application data
  • Unauthorized modification of application data
  • Application or system unavailability


Mitigation Recommendation:

Immediately review SAP Security Note 3747367 and apply the correction or kernel patch specified for the affected component and release.
 
Inventory SAP NetWeaver Application Server ABAP deployments and determine whether they use any affected KRNL64NUC, KRNL64UC, or KERNEL versions.
 
Restrict access to SAP NetWeaver Application Server ABAP interfaces to authorized users and trusted network locations until patching is complete.
 
Review low-privileged and administrative SAP accounts for unauthorized or unnecessary access.
 
Monitor SAP systems for abnormal application termination, memory-related errors, unexplained service interruption, and unauthorized data-access or modification activity.