CVE-2026-34263 – Missing authentication check in SAP Commerce cloud configuration

CVE ID :CVE-2026-34263

Published : May 12, 2026, 3:16 a.m. | 1 hour, 14 minutes ago

Description :Due to improper Spring Security configuration, SAP Commerce cloud allows an unauthenticated user to perform malicious configuration upload and code injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application.

Severity: 9.6 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…