CVE Catalog

CVE-2026-34263

Critical
Published: Translated: NVD NIST

Summary

Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution.

Risk Assessment

This can have a high impact on the Confidentiality, Integrity, and Availability of the application, posing a serious threat to the organization.

Recommendation

It is recommended to review and improve the Spring Security configuration to prevent malicious input injection.

Original NVD description (English source)

Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS