VYPR
Unrated severityNVD Advisory· Published Feb 10, 2026· Updated Feb 10, 2026

Information Disclosure vulnerability in SAP Commerce Cloud

CVE-2026-24321

Description

SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these open endpoints to retrieve sensitive information that is not intended to be publicly accessible via the front-end. This vulnerability has a low impact on confidentiality and does not affect integrity and availability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • SAP/Commerce Cloudllm-create2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: HY_COM 2205

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.