SAP Issues 15 May Security Notes With Two 9.6 CVEs: a Read-Only SQL Injection in S/4HANA Enterprise Search and an Unauthenticated Commerce Cloud Bypass
SAP's May 12 Patch Day fixes CVE-2026-34260 in S/4HANA's Enterprise Search for ABAP and CVE-2026-34263 in Commerce Cloud, plus a high-severity OS command injection in Forecasting & Replenishment.
4 min read5 sources