SAP Commerce Cloud OAuth2 Sample Credentials Leak Unauthorized API Access
CVE-2026-44761 Published on July 14, 2026
Insecure Sample Credentials in SAP Commerce Cloud
SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token and invoke certain APIs to read and modify data. Successful exploitation results in high impact on confidentiality and integrity, with no impact on availability.
Vulnerability Analysis
CVE-2026-44761 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Weakness Type
Products Associated with CVE-2026-44761
Want to know whenever a new CVE is published for SAP Commerce Cloud? stack.watch will email you.
Affected Versions
SAP_SE SAP Commerce Cloud:- Version HY_COM 2205 is affected.
- Version COM_CLOUD 2211 is affected.
- Version 2211-JDK21 is affected.