Unrated severityNVD Advisory· Published Feb 10, 2026· Updated Feb 10, 2026

Race condition vulnerability in SAP Commerce Cloud

CVE-2026-23684

Description

A race condition vulnerability exists in the SAP Commerce cloud. Because of this when an attacker adds products to a cart, it may result in a cart entry being created with erroneous product value which could be checked out. This leads to high impact on data integrity, with no impact on data confidentiality or availability of the application.

Affected products

SAP/SAP Commercellm-create
SAP_SE/SAP Commerce Cloudv5
Range: HY_COM 2205

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

me.sap.com/notes/3689543mitre
url.sap/sapsecuritypatchdaymitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000