Originally published at: SAP patches critical Commerce Cloud RCE and S/4HANA SQL injection (CVE-2026-34263, CVE-2026-34260) - ToolsLib Blog
SAP’s May 2026 updates fix two critical issues: unauthenticated RCE in Commerce Cloud (CVE-2026-34263) and authenticated SQL injection in S/4HANA Enterprise Search (CVE-2026-34260).