SAP has issued a security patch addressing 15 vulnerabilities, including four critical flaws impacting its core platforms, SAP NetWeaver and SAP Commerce Cloud. NetWeaver serves as the backbone for many SAP applications, while Commerce Cloud supports e-commerce functionalities. Among the critical vulnerabilities, CVE-2026-44748, rated CVSS 9.9, could allow attackers to bypass authentication in SAML-based systems, potentially leading to unauthorized access to sensitive data. Another critical flaw, CVE-2026-27671, involves memory corruption that can be exploited without authentication through crafted requests. Other vulnerabilities include a Spring Security-related issue in Commerce Cloud and a directory traversal flaw in NetWeaver. SAP has also addressed high-severity vulnerabilities related to Apache Tomcat and authorization checks. Organizations utilizing these products are urged to implement the patches promptly to mitigate risks associated with these vulnerabilities, particularly those rated very high in severity.