Unrated severityNVD Advisory· Published Feb 10, 2026· Updated Feb 10, 2026

Information Disclosure vulnerability in SAP Commerce Cloud

CVE-2026-24321

Description

SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these open endpoints to retrieve sensitive information that is not intended to be publicly accessible via the front-end. This vulnerability has a low impact on confidentiality and does not affect integrity and availability.

Affected products

SAP/Commerce Cloudllm-create
SAP_SE/SAP Commerce Cloudv5
Range: HY_COM 2205

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

me.sap.com/notes/3687771mitre
url.sap/sapsecuritypatchdaymitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000