SB2026071484 - Use of hard-coded credentials in SAP Commerce Cloud



SB2026071484 - Use of hard-coded credentials in SAP Commerce Cloud

Published: July 14, 2026

Security Bulletin ID SB2026071484
CSH Severity
Critical
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Critical 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Use of hard-coded credentials (CVE-ID: CVE-2026-44761)

CWE-ID: CWE-798 - Use of Hard-coded Credentials

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Red


The vulnerability allows a remote attacker to gain unauthorized access to sensitive information and modify data.

The vulnerability exists due to use of insecure sample credentials in SAP Commerce Cloud when exposed services are deployed with default credentials. A remote attacker can authenticate with sample credentials to gain unauthorized access to sensitive information and modify data.


Remediation

Install update from vendor's website.