Bottom line: SAP Patch Day June 2026 fixes multiple security vulnerabilities with critical impact: privilege escalation, code execution, and data access.
In June 2026, SAP closed several vulnerabilities in various products. These flaws enable attackers to escalate privileges, execute code, and access data.
The Federal Office for Information Security (BSI) warns of multiple vulnerabilities in SAP software that will be patched in June 2026. An attacker can exploit these flaws to escalate their privileges or execute arbitrary code.
Beyond privilege escalation and code execution, the impacts include bypassing security measures, cross-site scripting (XSS) and SQL injection attacks, data manipulation, disclosure of confidential information, and denial-of-service conditions. The BSI has not yet fully characterized the scope of possible impacts.
CISOs should conduct an inventory of affected SAP systems after publication of SAP patches and evaluate the severity classification. Rapid prioritization and patch deployment are required to reduce the attack surface.
Source: wid.cert-bund.de · Published June 9, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.