Use of hard-coded credentials in SAP Commerce Cloud - CVE-2026-44761

 

Use of hard-coded credentials in SAP Commerce Cloud - CVE-2026-44761

Published: July 14, 2026


Vulnerability identifier: #VU137497
CSH Severity: Critical
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Red
CVE-ID: CVE-2026-44761
CWE-ID: CWE-798
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: SAP
Affected software:
SAP Commerce Cloud

Detailed vulnerability description

The vulnerability allows a remote attacker to gain unauthorized access to sensitive information and modify data.

The vulnerability exists due to use of insecure sample credentials in SAP Commerce Cloud when exposed services are deployed with default credentials. A remote attacker can authenticate with sample credentials to gain unauthorized access to sensitive information and modify data.


How to mitigate CVE-2026-44761

Install security update from vendor's website.

Sources